Rather than focus purely on prevention, cyber-resilience focuses on ensuring an organisation can manage, mitigate – and move on from – cyberattacks. Research conducted by the Ponemon Institute in the UK surveyed 450 IT/IT security professionals to explore what cyber-resilience looks like in the real world.
The key to cyber-resilience is preparedness. Despite this, only 18% of respondents reported that their organisations had a consistent computer security incident response plan (CSIRP).
Interestingly, German respondents are more confident in their organisation’s ability to withstand cyberattacks. 63% said they could contain a cyberattack and 54% reported a high resilience rate (compared to only 25% of US and 29% of UK respondents).
Key findings
- Organisations are facing a range of cyber-threats, including those created by human error
- Only 18% of respondents have a well-defined enterprise-wide CSIRP
- To achieve cyber-resilience, one function must clearly have responsibility for cybersecurity
- Collaboration between business functions is essential
- Knowledgeable staff and preparedness are most important to achieving a high level of cyber-resilience
- Organisational factors can hold back cyber-resilience. This includes the failure by leaders to recognise the potential damage cyberattacks may have on the organisation
The full research paper is available to download via Ponemon.