The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015.
Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia of IBM Security, these two industry experts answer the questions: what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving, and how?
This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019.
Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1
4. Cyber Resilience
Ponemon Institute Presentation Private and Confidential 4
An enterprise’s capacity to maintain its core purpose and integrity in the face of cyberattacks through the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks.
5. The Ponemon Study on The Cyber Resilient Organization: YOY Trends Since 2015
Challenges
- Implementing and practicing a response plan
- Containing the growing number & severity of cyber attacks
- Managing a large number of tools & solutions
- Complying with GDPR
Improvements
- Organizations gained overall Cyber Resilience
- Better ability to prevent attacks
- More value placed on Cyber Resilience
7. The 2019 Study on Cyber Resilient Organization
In Year 4
- 3,655 IT & Security Professionals; respondents manager level and above
- 45%
- 12 Countries: Southeast Asian countries (ASEAN), Australia, Brazil, Canada, Germany, France, India, Japan, The Middle East (UAE/Saudi Arabia), The United Kingdom & the United States
- Able to benchmark at scale
8. Organizations rate their Cyber Resilience as better but all else is steady
[Chart: self-rated ability, FY2016 vs FY2017 vs FY2018, for Cyber resilience; Prevent a cyber attack; Quickly detect a cyber attack; Contain a cyber attack; Respond to a cyber attack * (* Response not available in 2016). Scale 1 = low ability to 10 = high ability; 7+ responses reported.]
6% improvement in Cyber Resilience from 2016 to today.
9. In 2019, top ways to improve Cyber Resilience were hiring, visibility into applications, and improving information governance practices
[Chart: FY2017 vs FY2018 responses for the following improvement measures:]
- Board-level reporting on the organization’s…
- C-level buy-in and support for the…
- Training for end-users
- Training and certification for Cybersecurity…
- Engaging a managed security services…
- Elimination of silo and turf issues
- Implementation of new technology,…
- Improved information governance practices
- Visibility into applications and data assets
- Hiring skilled personnel
10. Organizations measured these improvements based on cyber attacks prevented, time shortened to identify the incident & to contain the incident.
More than one response permitted
- Cyber attacks prevented: 55%
- Time to identify the incident: 51%
- Time to contain the incident: 48%
- Increased productivity of employees: 31%
- Data center availability (uptime): 27%
- Increased revenues: 22%
- Enhanced reputation and…: 22%
- Increased share value: 16%
- Decreased operating cost: 15%
- Increased market share: 12%
- Other: 1%
11. Cybersecurity & cyber resilience budget remains steady
Extrapolated average (millions US$)                          2018    2017    2016
Cybersecurity budget                                         $11.6   $11.3   $11.4
Percentage allocated to cyber resilience activities          31%     30%     30%
Total average budget allocated to cyber resilience           $3.6    $3.4    $3.4
12. 2019 Cyber Resilience Deeper Findings
- Studied the High Performers
- Technology Adoption Trend: Automation
- Alignment between Privacy & Cyber Security
14. Who are High Performers?
- Represent 26% of the 3,655 in the study
- Highest level of cyber resilience
- More prepared to respond
- Less impacted by cyber threats
- Report fewer attacks, better containment and recovery
Traits: Confidence, Dedication, Communication, Skills, Industry Awareness, Streamlined SOC
16. High Performers have fewer data breaches
Very frequently and Frequently responses combined
- High performer: 30%
- Overall: 45%
High performers experience 15% fewer data breaches than the overall group.
18. High performers are more likely to share information about data breaches with government or industry peers.
- High performer: Yes 69%, No 31%
- Overall: Yes 56%, No 44%
13% more likely to participate in threat sharing
19. High Performers Talk to the Board and C Suite Regularly
70% produce either a formal or ‘ad hoc’ report on the organization’s Cyber Resilience to their executive level and Board
- High performer: Yes, formal report 51%; Yes, informal or “ad hoc” report 19%; No 30%
- Overall: Yes, formal report 40%; Yes, informal or “ad hoc” report 21%; No 39%
20. High Performers Adopt and Deploy New Methods & Technologies
(High automation vs Overall)
- Threat Sharing & Intel Programs: 60% vs 53% (+7%)
- Use DevOps & Secure SDLC: 57% vs 47% (+10%)
- Use of Cybersecurity Analytics: 45% vs 33% (+12%)
- Leverage AI: 32% vs 20% (+12%)
21. High performers embrace both artificial intelligence and machine learning
Embraced AI & ML: 82% of High Performers are using them moderately or significantly; only 18% report insignificant or no automation, versus 30% of all organizations.
- High performer: Yes, significant use 34%; Yes, moderate use 48%; Yes, insignificant 8%; No use 10%
- Overall: Yes, significant use 23%; Yes, moderate use 48%; Yes, insignificant 11%; No use 18%
22. High Performers value Automation
On a scale from 1 = low value to 10 = high value
- High performer: 1 or 2: 0%; 3 or 4: 1%; 5 or 6: 9%; 7 or 8: 43%; 9 or 10: 47%
- Overall: 1 or 2: 2%; 3 or 4: 6%; 5 or 6: 17%; 7 or 8: 43%; 9 or 10: 32%
High performers are 15% more likely to rate automation as a 9 and above
23. High Performers have a set cybersecurity incident response plan (CSIRP)
[Chart: High performer vs Overall responses for: We don’t have a CSIRP; Our CSIRP is informal or “ad hoc”; We have a CSIRP, but it is not applied consistently across the enterprise; We have a CSIRP that is applied consistently across the entire enterprise]
32% of high performers have a CSIRP that is applied consistently across the entire enterprise
24. Automation’s impact on Cyber Resilience
- Threat Sharing & Advanced Technologies
- Prevention Confidence
- Skilled Professionals
- Reduce Complexity
- GDPR Compliance
25. High Performers have a greater ability to achieve a high level of cyber resilience
Strongly agree and Agree responses combined
[Chart: High performer vs Overall agreement with: Staffing for cybersecurity is sufficient to achieve a high level of cyber resilience; Funding for cybersecurity is sufficient to achieve a high level of cyber resilience; Too many separate security solutions and technologies are deployed which increases operational complexity and reduces visibility]
27. Organizations that implement automation recognize the importance of the privacy role
Essential and Very important responses combined
- The importance of the privacy role: High automation 66%, Overall 65%
- The importance of aligning the privacy and cybersecurity roles: High automation 71%, Overall 62%
28. If alignment is essential or very important, why?
More than one response permitted
- Reduction in silos and turf issues: 63%
- Less redundancy and more efficiency in both privacy and cybersecurity operations: 60%
- More effective approach to compliance with data protection regulations (such as GDPR): 49%
- Increase in perceived trustworthiness: 48%
- Other: 2%
29. How long has your organization’s current CPO or privacy leader held their position?
March 2019
- Currently, we don’t have a CPO or privacy leader: 27%
- Less than 1 year: 11%
- 1 to 3 years: 19%
- 4 to 6 years: 20%
- 7 to 10 years: 14%
- More than 10 years: 9%
30. Average full-time headcount of the organization’s privacy function today and what it should be
Extrapolated values presented
- Full-time equivalent (FTE) headcount of your privacy function today: 3.21
- What the full-time equivalent (FTE) privacy headcount should be to achieve cyber resilience: 3.95
31. Recommendations for High Cyber Resilience
- Focus on Prevention
- Build & Deploy CSIRP widely
- Retain & Train Talent
- Invest in Automation
- Align Privacy & Security
- Value Privacy function
- Participate in Threat Sharing
33. Caveats
This study utilizes a confidential and proprietary benchmark method that has been successfully deployed in earlier Ponemon Institute research. However, there are inherent limitations to benchmark research that need to be carefully considered before drawing conclusions from findings.
Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or telephone call would result in a different pattern of findings.
Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses.
34. It is very important to have skilled cybersecurity professionals in a CSIRP
1 = low importance to 10 = high importance, 7+ responses reported
- High performer: 92%
- Overall: 79%
35. Senior management’s awareness about the positive impact of cyber resilience on the enterprise
Strongly agree and Agree responses combined
[Chart: High performer vs Overall agreement with: Leaders recognize that cyber resilience affects brand and reputation; Leaders recognize that enterprise risks affect cyber resilience; Leaders recognize that automation, machine learning, artificial intelligence and orchestration strengthens our…; Leaders recognize that cyber resilience affects revenues]
36. What one statement best describes the number of separate security technologies deployed by your organization
[Chart: High performer vs Overall responses for: We have too many security solutions and technologies to achieve cyber resilience; We do not have enough security solutions and technologies to achieve cyber resilience; We have the right number of security solutions and technologies to achieve cyber resilience]
37. The eight most effective security technologies
Twenty-two technologies were listed in the survey instrument
[Chart: FY2016 vs FY2017 vs FY2018 responses for: Intrusion detection & prevention; Network traffic surveillance; Intelligence and threat sharing *; Anti-malware solution (AVAM); Cryptographic technologies *; Incident response platform; Security information & event management; Identity management & authentication. * Response not available in FY2016 & FY2017]
38. Some organizations do not find the value in threat-sharing programs
Four responses permitted
[Chart: FY2016 vs FY2017 vs FY2018 responses for: No perceived benefit to my organization; Lack of resources; Cost; Risk of the exposure of sensitive and confidential information; Anti-competitive concerns; Potential liability of sharing; Lack of incentives; Do not know about options to share intelligence; Other]
73% of organizations do not see a benefit to threat-sharing programs
39. Threat sharing paves the way for collaboration between peers and industry groups
Three choices allowed
[Chart: FY2016 vs FY2017 vs FY2018 responses for: Reduces the cost of detecting and preventing data breaches; Improves the effectiveness of our incident response plan; Enhances the timeliness of incident response; Improves the cyber resilience of my organization *; Improves the ability to detect, contain and respond *; Fosters collaboration among peers, industry groups and government. * Response not available in 2016 & 2017]