Global Trends in Cyber Resilience

Posted by HANDD on 4th November 2016

Every day gives us another example of companies falling victim to cyberattacks. ‘Cyber resilience’ has therefore become the new goal; defined as “the capacity of an enterprise to maintain its core purpose and integrity in the face of cyberattacks”.

The Ponemon Institute has investigated this growing requirement in depth, conducting research into the cyber resilience of organisations in the United States, The United Kingdom, and Germany. IT and security practitioners were surveyed in each country – identifying the gaps, opportunities, and challenges that businesses in each of these markets face in trying to achieve cyber resilience.

The research shows there are some clear global trends.

Cyber resilience is impacted by broader organisational factors

It’s important to look beyond the IT and security teams to achieve company-wide cyber resilience. The impact of a security incident doesn’t stop at security, therefore the measures to become cyber resilient can’t either. Cross-organisation collaboration is key to achieving cyber resilience.

German organisations are the most successful here – with 24 percent saying that the state of collaboration in their organisation is excellent, compared to only 15 percent and 16 percent of US and UK respondents respectively. There is significant room for improvement in all countries, with more than 50 percent of respondents in all three countries saying that collaboration is “adequate, but can be improved”. Nearly a third of US and UK respondents ranked their collaboration “poor or non-existent”.

The research shows a lack of ownership of cyber resilience, which is part of the problem. In the UK in particular, 14 percent of respondents said no single person has overall responsibility for achieving cyber resilience. Without proper ownership and stewardship, it is unsurprising that cross-department collaboration is lacking.

Planning and preparedness for incidents is an issue without borders

Insufficient planning and preparedness was identified as the most significant obstacle to achieving cyber resilience in all three regions investigated. More than 60 percent of security pros across the board ranked it as the biggest challenge.

Incident response capabilities poor or non-existent

Arguably the most important area in achieving cyber resilience is incident response, yet it is overlooked in many organisations. The research shows that most organisations have yet to apply a Cyber Security Incident Response Plan (CSIRP). Instead, many take an ad-hoc approach, without focused plans or technology investment. Even more worryingly, a significant proportion have no incident response plans in place at all.

Germany again fares better than the UK and US (only 21 percent of German respondents don’t have a CSIRP, compared to 43 percent of UK organisations). But across the board, security teams need to work on improving their response plans – just one in five respondents say they have “a well-defined CSIRP that is applied consistently across the entire enterprise”.

Companies know that there is work to be done

Most companies need to invest more time and effort into achieving cyber resilience, and the research shows that organisations are aware of this fact. Only 25 percent of organisations in the US, and 29 percent in the UK rated their cyber resilience as high. Interestingly, German organisations are comparatively optimistic, with 44 percent stating that they have a high level of resilience, but this may be misplaced confidence. While German organisations rank higher in some areas than their US and UK counterparts, the trends are still present – preparedness, collaboration and incident response capabilities need improvement.

As the old adage goes, ‘by failing to prepare, you are preparing to fail’, and good incident response is based on appropriate level of planning. These plans need to include the entire organisation, and to consider how to collaborate when an attack occurs. By identifying and fixing these issues now, organisations can look to achieve true cyber resilience in the future.