This week, the Ponemon Institute published the results of its 2016 Cyber Resilient Organization study, which showed that organizational resilience against cyberattacks has fallen over the last 12 months.
The Ponemon Institute describes organizational resilience against cyberattacks as the ability of an organization to “maintain its core purpose and integrity in the face of cyberattacks.”
The study, sponsored by IBM’s Resilient, showed that only 32% of IT security professionals rated their resilience against cyberattacks as high. Last year, 35% of IT security professionals rated their resilience as high.
When asked about how well their organization would be able to respond to a cyberattack, 66% said they did not think their organization would be able to recover. 68% of respondents said they believed their organization could not remain resilient in the wake of a cyberattack.
44% of organizations said their organization’s resilience against cyberattacks had not improved in the past 12 months, while 4% said it had declined.
The survey also confirmed that cyberattacks are taking place with increasing frequency. More than half of survey respondents (54%) said they have had to deal with at least one data breach in the past 24 months. The attacks were most commonly due to human error (74%), malware (74%) and phishing (64%). When an attack is experienced, 41% said those attacks now take longer to resolve.
Part of the reason why recovery from a cyberattack would prove difficult is the lack of adequate planning and preparedness. 66% of respondents said insufficient planning and preparedness would hamper efforts to recover from a cyberattack if one occurred. Having an effective cyber security incident response plan (CSIRP) is essential, yet many companies have not developed an effective CSIRP, let alone thoroughly tested it.
According to Larry Ponemon, Chairman and Founder of the Ponemon Institute, “While companies are seeing the value of deploying an incident response plan, there is still a lag in having the appropriate people, processes, and technologies in place.” Fortunately, many companies are now incorporating a CSIRP into their overall IT security strategy.
Another factor preventing organizations from becoming more resilient to cyberattacks is the complexity of IT processes, rated as a barrier by 46% of respondents. The problem is becoming more severe. Last year, 36% of respondents cited complexity of IT systems as a barrier to resilience.