News: Lack of planning and leadership limiting firms’ cyber resilience, study finds.
The Ponemon Institute has found that 71% of UK organisations rate their cyber resilience as low, which reveals that the majority of organisations in the country are not sufficiently prepared to handle cyber attacks.
Just 29% of organisations said that they had a high level of cyber resilience, while just 36% said they were confident in their ability to recover from a cyberattack.
One of the major reasons why the level of cyber resilience amongst firms is so low is a lack of planning and preparedness. 61% said that insufficient planning was the greatest barrier to cyber resilience.
76% said that an incident response plan is the most important governance practice, but 43% of organisations are not prepared to respond to a cyber security incident. 39% have a cyber security incident response plan (CSIRP) that is "ad hoc" or is not applied across the organisation.
Other key issues identified as barriers to cyber resilience were insufficient awareness, analysis, and assessment, which was cited by 55%, and complexity of business processes, which was cited by 51%.
Accountability within organisations was another key issue exposed in the survey. 14% said nobody within their organisation had overall responsibility for making it resilient to cyber attacks. 19% said it was the responsibility of the CIO, and 17% said it was down to the business unit leader.
The lack of leadership and responsibility also means that collaboration within organisations is poor. Just 15% of respondents said collaboration was excellent, whereas 32% said it was poor or non-existent.
65% of the respondents said that they did not have the right staffing and funding levels to achieve a high level of cyber resilience, with an average of 23% of the IT security budget being allocated to it amongst the firms surveyed.
This could be because company leadership do not see the issue as important. 56% said that the leaders in their organisations do not recognise that cyber resilience affects enterprise risk and brand image.
The privacy and security organisation surveyed 450 IT and security executives for its Learning to Thrive against Threats report, which was authored by the firm’s founder Larry Ponemon.
"Despite the growing importance of cyber resilience, the research shows serious issues that need to be addressed if UK organisations are to survive the next wave of cyberattacks," said Larry Ponemon. "Until cyber resilience becomes a coordinated, organisation-wide effort and the necessary technology and processes are put in place, organisations will remain vulnerable," he said.
The issue of cyber resilience has become an increasing priority in recent times. Chairman of the influential Commons Treasury select committee Andrew Tyrie has published letters to the bosses of some of the country’s top banks urging them to make their IT systems more resilient.