The 2018 Cyber Resilient Organisation Study takes a deeper dive on both the perceptions and risks when it comes to cyber resiliency and has found that organisations are feeling increasingly confident to deal with cyber threats. Contributor Paul Ayers, General Manager, EMEA – IBM Resilient Systems
Those highly resilient organisations attribute their confidence to their ability to hire skilled personnel. The rising confidence, however, may be misplaced, as the time to respond to threats and their severity are increasing. These problems are further compounded by just 31 percent of those surveyed having an adequate Cyber Resilience budget in place and difficulty retaining and hiring IT Security professionals (77 percent).
Having the right staff in place is crucial, as currently the staffing for Cyber Resilience-related activities is inadequate: The second-biggest barrier to Cyber Resilience was having insufficient skilled personnel dedicated to cyber security; 29 percent of respondents reported having ideal staffing to achieve Cyber Resilience; 50 percent say their organisation’s current CISO or security leader has been in place for three years or less. Twenty-three percent report they do not currently have a CISO or security leader.
Paul Ayers, General Manager, EMEA, at IBM Resilient Systems, said: “This report, now in its 3rd year for the UK, shows that UK businesses are slowly coming to terms with the need to become Cyber Resilient. New research shows that the volume and severity of incidents in the UK continues to grow, and that more than half of the UK businesses surveyed have had a significant data breach in the last 2 years.
Despite this, 50 percent of organisations reported that their Cyber Resilience has improved in the last 12 months. This is a result of hiring skilled personnel into the team, as well as improved governance practices and better visibility into key applications and data.”
This study is also extremely relevant from a GDPR perspective, as resilience and response to breach management are interlinked with new legislation on the 72h window to notify on a breach.