Your incident response plan probably isn’t as strong as you think it is, according to a new pool of research showing a broad gap between the perceived strength of incident response plans and their true effectiveness. In “The Third Annual Study on the Cyber Resilient Organization,” Ponemon researchers surveyed more than 2,848 IT and IT security pros from around the world. They learned businesses continue to struggle to respond to security incidents, primarily because they lack formal incident response plans and sufficient budgets.
Nearly half (48%) of respondents rate their “cyber resilience” as high or very high, an increase from 32% one year prior. Researchers define cyber resilience as “the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyber attacks.” However, 77% of respondents admit they don’t have a formal incident response plan applied consistently across their organization. Nearly half say their plan is informal or nonexistent.
Read more about the findings of the recent Ponemon study on cyber resilience on DarkReading.