Cyber Resilient Organization Report 2020

Executive summary

The fifth annual Cyber Resilient Organization Report from IBM Security is based on research from Ponemon Institute surveying more than 3,400 IT and security professionals around the world in April 2020 to determine their organizations’ ability to detect, prevent, contain and respond to cybersecurity incidents.

The volume of cybersecurity incidents has risen, causing significant disruption to IT and business processes. At the same time, the percent of organizations that reported achieving a high level of cyber resilience increased from 35% in 2015 to 53% in 2020, growing 51%. A cyber resilient enterprise can be defined as one that more effectively prevents, detects, contains and responds to a myriad of serious threats against data, applications and IT infrastructure.

More than one-quarter of respondents now use an enterprise-wide, consistent cybersecurity incident response plan (CSIRP) to ensure their cyber resilience. A majority of organizations rely on automation, machine learning, AI, cloud and orchestration to fortify their security environments.

But challenges remained — from resource and budget constraints, continuing sophistication of threats and complexity of IT environments to a decline in the security team’s ability to contain cyberattacks.

The report examines the approaches and best practices organizations took to improve their overall cyber resilience. It details the importance of cyber resilience to minimize business disruption in the face of cyberattacks as part of a strong security posture. Finally, we offer recommendations to help your organization become more cyber resilient.

Cyber resilient facts

51%

Percentage of organizations reporting a significant business disruption during the past two years due to a cybersecurity incident

26%

Percentage of organizations using an enterprise-wide CSIRP

55%

Portion of high performing organizations reporting improved cyber resilience through automation tools

52%

Share of respondents who say that cloud services improved cyber resilience

45%

Average number of security solutions and technologies in use

What's new in the 2020 report

To reflect the evolving security landscape, this year's report examines for the first time how the use of cloud services improved organizations' cyber resilience and what the main benefits were. Also added were questions about organizations' use of specific response plans to address common security attacks, such as malware and phishing.

We expanded on questions introduced last year about the number of security solutions to further understand the number of tools used to investigate and respond to a security incident.

Similar to last year, we created a benchmark for measuring cyber resilience by isolating the most cyber resilient organizations, i.e. “high performers,” and uncovering their differentiators. The report highlights what tactics enhanced high performing organizations’ level of cyber resilience, such as leveraging automation tools, using cloud services and emphasizing interoperability.

Key findings

Cybersecurity incident response plans (CSIRPs) minimize business disruption.

The adoption of enterprise-wide CSIRPs has slowly improved, growing 44% since 2015. Despite this progress and the benefit, 51% of respondents said their CSIRPs were not applied consistently across the enterprise or, worse, the plan was informal or ad hoc.

Of those with a formal CSIRP, only one-third have attack-specific playbooks in place for common attacks such as DDoS or malware. Even fewer respondents had plans for emerging threats like ransomware.

Furthermore, only 7% of organizations reviewed their CSIRPs quarterly — a figure that did not change much over the last five years. In fact, 40% of organizations had no set time period for reviewing and updating the plan, an increase of 8% since 2015. Without an up-to-date CSIRP that is applied across the business, 23% more organizations experienced a significant disruption to their IT and business processes.

While it’s impossible to thwart every attack, the preparation and processes an organization uses to respond can greatly reduce damage. The lack of due diligence around a CSIRP revealed by the study potentially limits its effectiveness in an aggressive threat environment.

Organizations using a CSIRP experienced less business disruption.

Too many tools weaken cyber resilience, but automation, visibility and interoperability improve incident response.

Organizations used a high volume of tools to manage their security environments and respond to cybersecurity incidents. Nearly 30% of organizations used more than 50 separate security solutions and technologies, and 45% used more than 20 tools when specifically investigating and responding to a cybersecurity incident.

However, an excessive use of disconnected tools creates complex environments, which can inhibit efficiency. The study revealed that the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident.

In fact, companies with more than 50 tools ranked 8% lower in the ability to detect a cyberattack and ranked 7% lower in the ability to respond to an attack compared to companies using fewer than 50 tools.

Visibility into applications and data has been one of the top ways organizations improved their cyber resilience for the last three years. Automation stands out this year as another compelling reason — especially for high performers. High performers reported that using interoperable tools helped increase their cyber resilience: 63% compared with 46% of other organizations.

The emphasis on interoperability helped provide much-needed visibility across multiple vendors’ solutions while at the same time reducing complexity.

-8%
Organizations with more than 50 tools ranked 8% lower in the ability to detect a cyberattack.

Cloud services lead to greater cyber resilience.

The use of cloud services improved cyber resilience, according to 52% of respondents. When separating out high performers, 63% cited the use of cloud services in improving their cyber resilience compared to 49% of other organizations.

Not surprisingly, 60% of financial services organizations, early adopters of cloud, stated that use of cloud services had improved their organization’s cyber resilience. Healthcare and retail organizations as well as the public sector also report above average improvements due to cloud services.

Companies in the United Kingdom, Germany, France, the United States and Canada led the way in valuing cloud services and their importance to achieving cyber resilience. Specifically, more than two-thirds of organizations in these countries value the use of cloud services.

According to high performers, the leading reasons for improvement due to cloud services were the benefits of leveraging a distributed environment, economies of scale and availability of service level agreements. On the other hand, 30% of organizations reported that poorly configured cloud services inhibited their progress in cyber resilience.

Investing in cloud services alone is not enough; optimization is imperative for the environment to be effective.

52%
Number of respondents who say that cloud services improved cyber resilience

High performers

What high performing organizations do differently

When asked to assess their cyber resilience on a scale of 1 to 10, close to one-quarter of respondents gave themselves a rating greater than nine. Of that group, 59% said their organizations improved significantly in the last year. We refer to these organizations as high performers.

Similar to last year, high performers outperformed other organizations in their abilities to prevent, detect, contain and respond to a cyber attack. This year, however, the gap is much larger. The biggest differences were in containing and responding to an attack.

While high performers outperformed other organizations last year by 14% when containing an attack, this difference grew to 35%. Similarly, last year the difference between high performers and others was 15% for responding to a cyberattack. The gap in 2020 is 31%.

24%

One-quarter of respondents gave themselves a rating of a 9 or higher when it came to assessing their cyber resilience

Clearly, high performers were utilizing best practices from which other organizations can learn.

6 Steps to improve cyber resilience

  1. Implement an enterprise-wide CSIRP to minimize business disruption. Just having a CSIRP is not enough; it should be implemented across the organization and reviewed on a regular basis. As the volume and severity of attacks increase year after year, the lack of an updated CSIRP may increase the risk of experiencing a significant disruption to IT and business processes.
  2. Tailor response plans to specific attacks in your industry. Cybersecurity attacks come in many forms. Organizations can strengthen their security postures by understanding the top threats in their industries and preparing detailed response plans to help ensure team members know the steps needed to investigate and remediate a specific attack.
  3. Embrace interoperability to increase visibility and reduce complexity. As organizations navigate complex security environments, the most effective teams leverage interoperability to increase visibility of tools and data to help prevent and detect attacks. Approaches that streamline workflows help increase the productivity of the security operations center.
  4. Invest in technologies to accelerate incident response. Technologies such as automation, analytics, AI and machine learning as well as cloud services were leading reasons why organizations improved their cyber resilience. Automation, in particular, helps companies improve operational efficiencies and reduce team churn by freeing up time to focus on the high-value tasks needed to investigate and respond.
  5. Align your security and privacy teams. Organizations with stronger cyber resilience recognize that security and privacy go hand in hand. Eliminate silos and encourage a culture of collaboration to more effectively respond to data breaches. Bringing these two teams together early and often will improve security posture sooner than if they work together for the first time during a massive security incident.
  6. Formalize C-level/board reporting to raise the visibility of the organization’s cyber resilience. Business leaders recognize that cyber resilience affects revenue and reputation; thus, keeping cyber resilience performance front and center is imperative to ensure it receives the required level of investment and resources.

About the report

Organizational characteristics

This 2020 Cyber Resilient Organization Report includes responses from 3,439 IT and security practitioners in the United States, India, Germany, the United Kingdom, Brazil, Japan, Australia, France, Canada, ASEAN* and the Middle East**.

Represented industries
18 industry segments were included in the sample

  • Financial services: Banking, insurance, investment companies
  • Health & pharmaceutical: Hospitals, clinics, and biomedical life sciences
  • Retail: Brick and mortar and e-commerce
  • Manufacturing: Large-scale producers of goods or components
  • Hospitality: Hotels, restaurant chains, cruise lines
  • Public sector: Federal, state and local government agencies and NGOs
  • Transportation: Airlines and railroads
  • Energy & utilities: Oil and gas companies, utilities, alternative energy producers and suppliers
  • Consumer products: Manufacturers and distributors of consumer products
  • Logistics & distribution: Trucking and delivery companies, supply chain management
  • Industrial: Chemical process, engineering and manufacturing companies
  • Communications: Newspapers, book publishers, public relations and advertising agencies
  • IT & technology: Software and hardware companies
  • Services: Professional services such as legal, accounting and consulting firms
  • Entertainment & media: Movie production, sports, gaming and casinos
  • Agriculture & food services: Farming, commercial producers of food (plants and livestock)
  • Defense & aerospace: Producers and designers of commercial or defense-related aircraft and systems
  • Education & research: Market research, think tanks, R&D, public and private universities and colleges, training and development companies

*ASEAN represents a sample of respondents located in Singapore, Philippines, Vietnam, Thailand, Malaysia and Indonesia.
**Middle East represents a sample of respondents located in United Arab Emirates and Saudi Arabia.

Methodology

IT and security practitioners located in the United States, India, Germany, the United Kingdom, Brazil, Japan, Australia, France, Canada, ASEAN and the Middle East were asked to complete an online survey.

The final sample of respondents consisted of 3,439 surveys, for an overall 3.3% response rate.

11

Countries and regions

3,439

Respondents

Definitions

Cyber resilience

Cyber resilience is defined as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. This refers to an enterprise’s capacity to maintain its core purpose and integrity in the face of cyberattacks. A cyber resilient enterprise is one that can prevent, detect, contain and recover from a myriad of serious threats against data, applications and IT infrastructure.

High performer

As part of this research, we identified respondents that self-reported their organizations had achieved a high level of cyber resilience and were better able to mitigate risks, vulnerabilities and attacks. We refer to these organizations as high performers.

Research limitations

Survey research has inherent limitations that need to be carefully considered before drawing inferences from findings. The following items are specific limitations germane to most web-based surveys.

Non-response bias

The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.

Sampling-frame bias

The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.

Self-reported results

The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses.

About Ponemon Institute and IBM Security

The Cyber Resilient Organization Report is produced jointly between Ponemon Institute and IBM Security. The research is conducted independently by Ponemon Institute and results are sponsored, analyzed, reported and published by IBM Security.

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, provides security solutions to help organizations drive security into the fabric of their business so they can thrive in the face of uncertainty.

IBM operates one of the broadest and deepest security research, development and delivery organizations. Monitoring more than two trillion events per month in more than 130 countries, IBM holds over 3,000 security patents. To learn more, visit ibm.com/security.

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

Ponemon Institute upholds strict data confidentiality, privacy and ethical research standards, and does not collect any personally identifiable information from individuals (or company identifiable information in business research). Furthermore, strict quality standards ensure that subjects are not asked extraneous, irrelevant or improper questions.

Download the report

The full Cyber Resilient Organization Report 2020 delves further into the current landscape of cyber resilience based on data collected from organizations worldwide. It outlines the key differentiators in high performing organizations and includes multiple charts.
