IBM Security: Response Planning Up, But Containing Attacks Remains a Problem


A new global report from IBM Security, examining the effectiveness of businesses in preparing for and responding to cyberattacks, has found both cause to celebrate and reasons to be concerned.

The good news is that the organizations IBM Security surveyed have improved their abilities to plan for, detect and respond to cyberattacks over the past five years, with 26% saying they’ve adopted formal, enterprise-wide security response plans, up from 18% in 2015.

However, companies’ ability to contain an attack declined by 13% during the same period, with the report finding that respondents’ security response efforts have been hindered by the use of too many security tools — more than 50 for some — as well as a lack of specific playbooks for different, common attacks.

A majority of organizations surveyed (74%) reported that their plans are either ad hoc or applied inconsistently, or that they have no plan at all. “This lack of planning can impact the cost of security incidents, as companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those who have both of these cost-saving factors in place,” the report reads.

The report found that only one third have developed specific playbooks for common attack types, and that plans for emerging attack methods are even further behind. The number of security tools in use has also proven to have a negative impact: those using 50 or more security tools ranked themselves 8% lower in their ability to detect an attack, and 7% lower in their ability to respond to one, than those using fewer tools.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, VP of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

The report showed that companies with formal security response plans, applied across the business, were less likely to experience serious disruption due to a cyberattack, with only 39% of those companies reporting a disruptive security incident over the past two years, compared to 62% of those with less formal plans. However, among organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks.
