Around one-third of global organizations are not well prepared to face advanced cyber threats as they don’t have formal incident response plans, a new survey has found.
The global breach readiness survey, published by security firm RSA, compared the responses of 170 security practitioners in 30 countries, with feedback from members of the Security for Business Innovation Council (SBIC).
The SBIC consists of security execs from Global 1000 companies, including General Electric Global CISO Timothy McKnight, Johnson & Johnson Worldwide VP of Information Security Marene Allison and JP Morgan Chase CIO for Commercial Banking Anish Bhimani.
Using the SBIC as a benchmark, the survey suggests that the majority of organizations are not following incident response best practices and therefore are not fully prepared to face the challenges of advanced cyber threats.
The survey focused on measures within four major areas of breach readiness and response: incident response, content intelligence, analytic intelligence and threat intelligence.
The survey results revealed that while all leading-edge SBIC members have developed an incident response function, 30 per cent of the 170 non-SBIC respondent organizations do not have formal incident response plans in place, and around 57 per cent of the organizations with a plan admit to never updating or reviewing it.
Commenting on the report, RSA chief trust officer, Dave Martin, said organizations are struggling to gain visibility into operational risk across the business.
“As business has become increasingly digital, information security has become a key area of operational risk and while many organisations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile.”