Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Leaders & Laggards:
The 2019 Cyber Resilient Organization Study
1
Sponsored by

Our Speakers
Dr. Larry Ponemon
The Ponemon Institute
Maria Battaglia
IBM Security

Ponemon Institute Presentation Private and Confidential 4
Cyber Resilience
An enterprise’s capacity to
maintain its core purpose and
integrity in the face of
cyberattacks through the
alignment of prevention,
detection and response
capabilities to manage, mitigate
and move on from cyberattacks.

The Ponemon Study on The Cyber Resilient
Organization YOY Trends Since 2015
Challenges
Implementing and practicing a response plan
Containing the growing number & severity of cyber
attacks
Managing a large number of tools & solutions
Complying to GDPR
Improvements
Organizations gained overall Cyber
Resilience
Better Ability to Prevent Attacks
More value on Cyber Resilience

2019 Study
Results

The 2019 Study on Cyber Resilient Organization
Ponemon Institute Presentation Private and Confidential
In Year 4
3,655
45%
12 Countries
7
Southeast Asian countries (ASEAN),
Australia, Brazil, Canada, Germany,
France, India, Japan, The Middle East
(UAE/Saudi Arabia). The United
Kingdom & the United States
IT & Security Professionals
Respondents Manager level and
above
Able to Benchmark at scale

Organizations rate their Cyber Resilience as better
but all else is steady
32%
40%
49%
53%
48%
55%
52%
50%
54%54% 53% 53%
49%
53%
0%
10%
20%
30%
40%
50%
60%
Cyber
resilience
Prevent a cyber
attack
Quickly detect
a cyber attack
Contain a cyber
attack
Respond to a
cyber attack *
* Response not available in 2016
FY2016 FY2017 FY2018
6%
Improvement in
Cyber Resilience
from 2016 – today.
1 = low ability to 10 = high ability, 7+ responses reported

In 2019, top ways to improve CyberResilience were hiring,
visibility into applications, and improving information
governance practices
17%
24%
28%
29%
36%
40%
50%
56%
57%
62%
15%
23%
29%
30%
39%
39%
47%
60%
57%
61%
0% 10% 20% 30% 40% 50% 60% 70%
Board-level reporting on the organization’s…
C-level buy-in and support for the…
Training for end-users
Training and certification for Cybersecurity…
Engaging a managed security services…
Elimination of silo and turf issues
Implementation of new technology,…
Improved information governance practices
Visibility into applications and data assets
Hiring skilled personnel
FY2017 FY2018

Organizations measured these improvements based on cyber attacks
prevented, time shortened to identify the incident & to contain the
incident.
More than one response permitted
1%
12%
15%
16%
22%
22%
27%
31%
48%
51%
55%
0% 10% 20% 30% 40% 50% 60%
Other
Increased market share
Decreased operating cost
Increased share value
Enhanced reputation and…
Increased revenues
Data center availability (uptime)
Increased productivity of employees
Time to contain the incident
Time to identify the incident
Cyber attacks prevented

Cybersecurity & cyber resilience budget remains steady
Extrapolated average (millions) US$ 2018 2017 2016
Cybersecurity budget $11.6 $11.3 $11.4
Percentage allocated to cyber resilience
activities
31% 30% 30%
Total average budget allocated to cyber
resilience
$3.6 $3.4 $3.4

2019 Cyber Resilience Deeper
Findings
Studied the High Performers
- Technology Adoption Trend
Automation
- Alignment between Privacy & Cyber
Security

High Performers

Represent 26% of the 3655
in the study
Highest level of cyber resilience
More prepared to respond
Less impacted by cyber threats.
Report less attacks, better
containment and recovery
Confidence
Dedication
Communication
Skills
Industry
Awareness
Streamlined SOC
14
Who are High Performers?

High Performers See Results Across All Areas
IBM Security / © 2019 IBM Corporation 15
preventing
an attack
+16%
detecting
an attack
+23%
responding to
an attack
+15%
containing an
attack
+25%
Better
CyberResilience
+18%

High Performers have less data breaches
Very frequently and Frequently responses
combined
30%
45%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
High performer Overall
High performers experience
15%less data breaches than the
overall group .

How Do High
Performers
Achieve Better
Overall
CyberResilience?

69%
31%
56%
44%
0%
10%
20%
30%
40%
50%
60%
70%
80%
Yes No
High performers are more likely to share
information about data breaches with
government or industry peers.
13%
more likely to
participate in threat
sharing

70%
produce either a formal or
‘ad hoc’ report on the
organizations Cyber
Resilience to their
executive level and Board
19
51%
19%
30%
40%
21%
39%
0%
10%
20%
30%
40%
50%
60%
Yes, formal report Yes, informal or
“ad hoc” report
No
High Performers Talk to the Board and C Suite Regularly

High Performers Adopt and Deploy New Methods &
Technologies
+7% Threat Sharing & Intel
Programs
+10% Use DevOPs & Secure SDLC
+12% Use of Cybersecurity
Analytics
+12% Leverage AI
60% 57%
45%
32%
53%
47%
33%
20%
0%
10%
20%
30%
40%
50%
60%
70%
High automation Overall

High performers embrace both artificial intelligence and
machine learning
Embraced AI & ML
+82% High Performers are using in
moderately or significantly
Only +18% insignificant
or no automation versus 30% of all
organizations
34%
48%
8% 10%
23%
48%
11%
18%
0%
10%
20%
30%
40%
50%
60%
Yes,
significant
use
Yes,
moderate use
Yes,
insignificant
No use

0% 1%
9%
43%
47%
2%
6%
17%
43%
32%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
1 or 2 3 or 4 5 or 6 7 or 8 9 or 10
High Performers value Automation
On a scale From 1 = low value to 10 = high value
High performers
are
15%
More likely to rate
automation as a 9
and above

24%
25%
27%
23%
5%
9%
31%
55%
0% 10% 20% 30% 40% 50% 60%
We don’t have a CSIRP
Our CSIRP is informal or “ad hoc”
We have a CSIRP, but is not applied
consistently across the enterprise
We have a CSIRP that is applied
consistently across the entire enterprise
High Performers have a set cybersecurity incident
response plan (CSIRP)
32%
Of high performers have a
CSIRP that is applied
consistently across the
entire enterprise

Automations impact on
CyberResilience
Threat Sharing
& Advanced
Technologies
Prevention Confidence
Skilled
Professionals
Reduce
Complexity
GDPR
Compliance

30%
33%
48%
41%
43%
60%
0% 10% 20% 30% 40% 50% 60% 70%
Staffing for cybersecurity is sufficient to achieve a
high level of cyber resilience
Funding for cybersecurity is sufficient to achieve a
high level of cyber resilience
Too many separate security solutions and
technologies are deployed which increases
operational complexity and reduces visibility
High Performers have a greater ability
to achieve a high level of cyber
resilience
Strongly agree and Agree responses combined

Collaboration
between privacy
and cyber
security improves
cyber resilience

Organizations that implement automation recognize the
importance of the privacy role
Essential and Very important responses combined
66%
71%
65% 62%
0%
10%
20%
30%
40%
50%
60%
70%
80%
The importance of the privacy role The importance of aligning the privacy and
cybersecurity roles
High automation Overall

If alignment is essential or very important, why?
More than one response permitted
2%
48%
49%
60%
63%
0% 10% 20% 30% 40% 50% 60% 70%
Other
Increase in perceived trustworthiness
More effective approach to compliance with data
protection regulations (such as GDPR)
Less redundancy and more efficiency in both
privacy and cybersecurity operations
Reduction in silos and turf issues

How long has your organization’s
current CPO or privacy leader held
their position?
March 2019
27%
11%
19%
20%
14%
9%
0% 5% 10% 15% 20% 25% 30%
Currently, we don’t have a CPO or privacy
leader
Less than 1 year
1 to 3 years
4 to 6 years
7 to 10 years
More than 10 years

Average full-time headcount of the organization’s privacy
function today and what it should be
Extrapolated values presented
3.21
3.95
1.00
1.50
2.00
2.50
3.00
3.50
4.00
4.50
Full-time equivalent (FTE) headcount of
your privacy function today
What the full-time equivalent (FTE) privacy
headcount should be to achieve cyber
resilience

Recommendations for High Cyber Resilience
Focus on
Prevention
Build &
Deploy CSIRP
widely
Retain &
Train Talent
Invest in
Automation
Align Privacy &
Security
Value Privacy
function
Participate in Threat
Sharing

Questions?

Caveats
This study utilizes a confidential and proprietary benchmark method that has been successfully deployed in earlier Ponemon
Institute research. However, there are inherent limitations to benchmark research that need to be carefully considered before
drawing conclusions from findings.
Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of
individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that
individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the
instrument.
Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals
who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media
coverage. Finally, because we used a Web-based collection method, it is possible that non-Web responses by mailed survey or
telephone call would result in a different pattern of findings.
Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects.
While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not
provide accurate responses.

92%
79%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
It is very important to have skilled
cybersecurity professionals in a CSIRP
1 = low importance to 10 = high importance,
7+ responses reported

49%
56%
60%
61%
56%
62%
65%
66%
0% 10% 20% 30% 40% 50% 60% 70%
Leaders recognize that cyber resilience
affects brand and reputation
Leaders recognize that enterprise risks
affect cyber resilience
Leaders recognize that automation,
machine learning, artificial intelligence
and orchestration strengthens our…
Leaders recognize that cyber resilience
affects revenues
Senior management’s awareness about the
positive impact of cyber resilience on the
enterprise
Strongly agree and Agree responses combined

35%
35%
30%
23%
24%
53%
0% 10% 20% 30% 40% 50% 60%
We have too many security solutions and
technologies to achieve cyber resilience
We do not have enough security
solutions and technologies to achieve
cyber resilience
We have the right number of security
solutions and technologies to achieve
cyber resilience
What one statement best describes the
number of separate security technologies
deployed by your organization

The eight most effective security
technologies
Twenty-two technologies were listed in
the survey instrument
44%
50%
53%
53%
55%
56%
56%
69%
55%
52%
59%
53%
41%
70%
58%
52%
53%
58%
41%
71%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Intrusion detection & prevention
Network traffic surveillance
Intelligence and threat sharing *
Anti-malware solution (AVAM)
Cryptographic technologies *
Incident response platform
Security information & event management
Identity management & authentication
* Response not available in FY2016 & FY2017
FY2016 FY2017 FY2018

Some organizations do not find the
value in threat-sharing programs
Four responses permitted
3%
34%
39%
43%
43%
52%
53%
60%
73%
4%
9%
16%
11%
19%
24%
33%
43%
40%
4%
11%
16%
10%
21%
22%
33%
42%
42%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Other
Do not know about options to share
intelligence
Lack of incentives
Potential liability of sharing
Anti-competitive concerns
Risk of the exposure of sensitive and
confidential information
Cost
Lack of resources
No perceived benefit to my organization
FY2016 FY2017 FY2018
73%
of organizations
do not see a
benefit to threat-
sharing programs

Threat sharing paves the way for
collaboration between peers and
industry groups
Three choices allowed
46%
52%
55%
58%
58%
58%
58%
72%
57%
32%
52%
75%
53%
33%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Reduces the cost of detecting and
preventing data breaches
Improves the effectiveness of our incident
response plan
Enhances the timeliness of incident
response
Improves the cyber resilience of my
organization *
Improves the ability to detect, contain and
respond *
Fosters collaboration among peers,
industry groups and government
* Response not available in 2016 & 2017
FY2016 FY2017 FY2018

Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization

Similar to Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization (20)

More from IBM Security

More from IBM Security (20)

Recently uploaded

Recently uploaded (20)

Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on the Cyber Resilient Organization