Most organizations (77 percent) do not have a cybersecurity incident response plan applied across their enterprise, according to a recent survey sponsored by IBM.
IBM tapped independent research firm The Ponemon Institute to conduct the 2019 Cyber Resilient Organization survey, which asked more than 3,600 security and IT professionals from various countries, including the U.S., U.K. and Canada, about their cybersecurity preparedness.
Of the organizations with a cybersecurity incident response plan in place, 54 percent said they fail to test their plans regularly. Lack of a cybersecurity incident response plan can leave organizations less prepared to deal with the aftermath of a cyberattack, according to the report.
"Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident," IBM Resilient Vice President of Product Management Ted Julian said in a news release. "These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program. When proper planning is paired with investments in automation, we see companies able to save millions of dollars during a breach."
Twenty-three percent of survey respondents said their organization "significantly," applies automation technologies, including identity management and authentication and incident response platforms, to their response process. The remaining 77 percent of users said their organizations use automation "moderately, insignificantly or not at all."
To download IBM's survey, click here.