Thank you for registering.
Our digital report contains interactive tools that allow you to review key findings and explore data. You can also take the cyber resiliency assessment to see how you stack up.
Download the full report
Take the assessment
The fifth annual Cyber Resilient Organization Report from IBM Security is based on research from Ponemon Institute surveying more than 3,400 IT and security professionals around the world in April 2020 to determine their organizations’ ability to detect, prevent, contain and respond to cybersecurity incidents.
The volume of cybersecurity incidents has risen, causing significant disruption to IT and business processes. At the same time, the percent of organizations that reported achieving a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.
More than one-quarter of respondents now use an enterprise-wide, consistent cybersecurity incident response plan (CSIRP) to ensure their cyber resilience. A majority of organizations rely on automation, machine learning, AI, cloud and orchestration to fortify their security environments.
But challenges remained — from resource and budget constraints, continuing sophistication of threats and complexity of IT environments to a decline in the security team’s ability to contain cyberattacks.
The report examines the approaches and best practices organizations took to improve their overall cyber resilience. It details the importance of cyber resilience to minimize business disruption in the face of cyberattacks as part of a strong security posture. Finally, we offer recommendations to help your organization become more cyber resilient.
Amount of organizations reporting a significant business disruption during the past two years due to a cybersecurity incident
Percentage of organizations using an enterprise-wide CSIRP
Portion of high performing organizations reporting improved cyber resilience through automation tools
Ratio of respondents who say that Cloud services improved cyber resilience
Average number of security solutions and technologies in use
Amount of organizations reporting a significant business disruption during the past two years due to a cybersecurity incident
Percentage of organizations using an enterprise-wide CSIRP
Portion of high performing organizations reporting improved cyber resilience through automation tools
Ratio of respondents who say that Cloud services improved cyber resilience
Average number of security solutions and technologies in use
Amount of organizations reporting a significant business disruption during the past two years due to a cybersecurity incident
Percentage of organizations using an enterprise-wide CSIRP
Portion of high performing organizations reporting improved cyber resilience through automation tools
Ratio of respondents who say that Cloud services improved cyber resilience
Average number of security solutions and technologies in use
To reflect the evolving security landscape, this year's report examines for the first time how the use of cloud services improved organizations' cyber resilience and what the main benefits were. Also added were questions about organizations' use of specific response plans to address common security attacks, such as malware and phishing.
We expanded on questions introduced last year about the number of security solutions to further understand the number of tools used to investigate and respond to a security incident.
Similar to last year, we created a benchmark for measuring cyber resilience by isolating the most cyber resilient organizations, i.e. “high performers,” and uncovering their differentiators. The report highlights what tactics enhanced high performing organizations’ level of cyber resilience, such as leveraging automation tools, using cloud services and emphasizing interoperability.
The adoption of enterprise-wide CSIRPs has slowly improved, growing 44% since 2015. Despite this progress and the benefit, 51% of respondents said their CSIRPs were not applied consistently across the enterprise or, worse, the plan was informal or ad hoc.
Of those with a formal CSIRP, only one-third have attack-specific playbooks in place for common attacks such as DDoS or malware. Even fewer respondents had plans for emerging threats like ransomware.
Furthermore, only 7% of organizations reviewed their CSIRPs quarterly — a figure that did not change much over the last five years. In fact, 40% of organizations had no set time period for reviewing and updating the plan, an increase of 8% since 2015. Without an up-to-date CSIRP that is applied across the business, 23% more organizations experienced a significant disruption to their IT and business processes.
While it’s impossible to thwart every attack, the preparation and processes an organization uses to respond can greatly reduce damage. The lack of due diligence around a CSIRP revealed by the study potentially limits its effectiveness in an aggressive threat environment.
Organizations used a high volume of tools to manage their security environments and respond to cybersecurity incidents. Nearly 30% of organizations used more than 50 separate security solutions and technologies, and 45% used more than 20 tools when specifically investigating and responding to a cybersecurity incident.
However, an excessive use of disconnected tools creates complex environments, which can inhibit efficiency. The study revealed that the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident.
In fact, companies with more than 50 tools ranked 8% lower in the ability to detect a cyberattack and ranked 7% lower in the ability to respond to an attack compared to companies using less than 50 tools.
Visibility into applications and data has been one of the top ways organizations improved their cyber resilience for the last three years. Automation stands out this year as another compelling reason — especially for high performers. High performers reported that using interoperable tools helped increase their cyber resilience: 63% compared with 46% of other organizations.
The emphasis on interoperability helped provide the much needed visibility across multiple vendors’ solutions, while at the same time reduced complexity.
The use of cloud services improved cyber resilience, according to 52% of respondents. When separating out high performers, 63% cited the use of cloud services in improving their cyber resilience compared to 49% of other organizations.
Not surprisingly, 60% of financial services organizations, early adopters of cloud, stated that use of cloud services had improved their organization’s cyber resilience. Healthcare and retail organizations as well as the public sector also report above average improvements due to cloud services.
Companies in the United Kingdom, Germany, France, the United States and Canada led the way in valuing cloud services and their importance to achieving cyber resilience. Specifically, more than two-thirds of organizations in these countries value the use of cloud services.
According to high performers, the leading reasons for improvement due to cloud services were the benefits of leveraging a distributed environment, economies of scale and availability of service level agreements. On the other hand, 30% of organizations reported that poorly configured cloud services inhibited their progress in cyber resilience.
Investing in cloud services alone is not enough, optimization is imperative for the environment to be effective.
When asked to assess their cyber resilience on a scale of 1 to 10, close to one-quarter of respondents gave themselves a rating greater than nine. Of that group, 59% said their organizations improved significantly in the last year. We refer to these organizations as high performers.
Similar to last year, high performers outperformed other organizations in their abilities to prevent, detect, contain and respond to a cyber attack. This year, however, the gap is much larger. The biggest differences were in containing and responding to an attack.
While high performers outperformed other organizations last year by 14% when containing an attack, this difference grew to 35%. Similarly, last year the difference between high performers and others was 15% for responding to a cyberattack. The gap in 2020 is 31%.
One-quarter of respondents gave themselves a rating of a 9 or higher when it came to assessing their cyber resilience
This 2020 Cyber Resilient Organization Report includes responses from 3,439 IT and Security practitioners in United States, India, Germany, United Kingdom, Brazil, Japan, Australia, France, Canada, ASEAN* and the Middle East**.
Represented industries
18 industry segments were included in the sample
Banking, insurance, investment companies
Hospitals, clinics, and biomedical life sciences
Brick and mortar and e-commerce
Large-scale producers of goods or components
Hotels, restaurant chains,cruise lines
Federal, state and local government agencies and NGOs
Airlines and railroads
Oil and gas companies, utilities, alternative energy producers and suppliers
Manufacturers and distributors of consumer products
Trucking and delivery companies, supply chain management
Chemical process, engineering and manufacturing companies
Newspapers, book publishers, public relations and advertising agencies
Software and hardware companies
Professional services such as legal, accounting and consulting firms
Movie production, sports, gaming and casinos
Farming, commercial producers of food (plants and livestock)
Producers and designers of commercial or defense-related aircraft and systems
Market research, think tanks, R&D, public and private universities and colleges, training and development companies
IT and security practitioners located in the United States, India, Germany, the United Kingdom, Brazil, Japan, Australia, France, Canada, ASEAN and the Middle East were asked to complete an online survey.
The final sample of respondents consisted of 3,439 surveys, for an overall 3.3% response rate.
Countries and regions
3,439Respondents
Cyber resilience is defined as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. This refers to an enterprise’s capacity to maintain its core purpose and integrity in the face of cyberattacks. A cyber resilient enterprise is one that can prevent, detect, contain and recover from a myriad of serious threats against data, applications and IT infrastructure.
As part of this research, we identified respondents that self-reported their organizations had achieved a high level of cyber resilience and were better able to mitigate risks, vulnerabilities and attacks. We refer to these organizations as high performers.
Survey research has inherent limitations that need to be carefully considered before drawing inferences from findings. The following items are specific limitations germane to most web-based surveys.
The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.
The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses.
The Cyber Resilient Organization Report is produced jointly between Ponemon Institute and IBM Security. The research is conducted independently by Ponemon Institute and results are sponsored, analyzed, reported and published by IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, provides security solutions to help organizations drive security into the fabric of their business so they can thrive in the face of uncertainty.
IBM operates one of the broadest and deepest security research, development and delivery organizations. Monitoring more than two trillion events per month in more than 130 countries, IBM holds over 3,000 security patents. To learn more, visit ibm.com/security.
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.
Ponemon Institute upholds strict data confidentiality, privacy and ethical research standards, and does not collect any personally identifiable information from individuals (or company identifiable information in business research). Furthermore, strict quality standards ensure that subjects are not asked extraneous, irrelevant or improper questions.
The full Cyber Resilient Organization Report 2020 delves further into the current landscape of cyber resilience based on data collected from organizations worldwide. It outlines the key differentiators in high performing organizations and includes multiple charts.
The full Cyber Resilient Organization Report 2020 delves further into the current landscape of cyber resilience based on data collected from organizations worldwide. It outlines the key differentiators in high performing organizations and includes multiple charts.
Integrate tools across multicloud environments
Learn moreDetect threats
Learn moreOrchestrate your response
Learn moreRemediate and recover
Learn more