If your company has an incident response plan that you can rely on in the face of a cyber attack, then you're ahead of most of the world, according to research recently conducted by the Ponemon Institute. Shockingly, more than 75 percent of survey respondents from around the world admitted that they have no formal incident response plan. Even worse, half of the companies that indicated they had an incident response plan said that it was informal.
Curiously, given these statistics, 72 percent of organizations indicated that they were more resilient today than they were the year before. They also indicated a high level of confidence in their staff to respond appropriately to any problem that arose.
Given the stark reality and the ever-increasing number of attacks, that comes off more like bravado than genuine confidence. Ted Julian, the Vice President of Product Management at IBM Resilient (sponsor of the Ponemon Institute's research), had this to say:
"Having the right staff in place is critical, but arming them with the most modern tools to augment their work is equally important. A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber-resilience."
This year, most of the provisions of a new piece of legislation, the GDPR (General Data Protection Regulation), come into effect, and companies that don't have a formal incident response plan by then could pay a hefty price. Even if that weren't the case, the research concluded that the overall cost of a data breach was nearly a million dollars lower on average when companies were able to deal with the breach decisively and contain it within thirty days.
The bottom line is, if you don't have a formal incident response plan yet, now is the time.