IBM, Ponemon Institute Find Organizations Ill Prepared for Cyber Attacks

The Ponemon Institute and Resilient do not think IT professionals are sufficiently prepared to handle cyber attacks.

Resilient, an IBM Company and Ponemon unveiled the results of their annual Cyber Resilient Organization study, which found that only 32 percent of IT and security professionals say their organization has a high level of “cyber resilience,” down from 35 percent in 2015. The study also found that 66 percent of respondents say their organization is not prepared to recover from cyber attacks.

75% of respondents admitted they do not have a formal cyber security incident response plan that is applied consistently across the organization, according to “The 2016 Cyber Resilient Organization.”

“This year’s Cyber Resilience study shows that organizations globally are still not prepared to manage and mitigate a cyberattack,” said John Bruce, CEO and cofounder of Resilient. “Security leaders can drive significant improvement by making incident response a top priority—focusing on planning, preparation, and intelligence.”


The study also uncovered common barriers to cyber resilience. 66% say “insufficient planning and preparedness” is the top barrier. Respondents also indicate that the complexity of IT and businesses processes is increasing faster than their ability to prevent, detect, and respond to cyber attacks. This year, 46 percent of respondents say the “complexity of IT processes” is a significant barrier to achieving a high level of cyber resilience, up from 36 percent in 2015.

“While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place,” said Dr. Larry Ponemon. “We are encouraged that this is becoming a more important part of an overall IT security strategy.”