A third of regional firms lack a cybersecurity incident response plan

IBM Security study reveals that cybersecurity skills gap is further undermining cyber resilience

Automation in response still emerging with only 19% of the respondents said they were significant users.
Automation in response still emerging with only 19% of the respondents said they were significant users.

A third of Middle East organisations are unprepared to respond to cybersecurity incidents, a new study by IBM Security has revealed.

The study, undertaken to explore organisations’ preparedness when it comes withstanding and recovering from a cyberattack, found out that 31% of organisations do not have a cybersecurity incident response plan in place.

“Responding to a cybersecurity incident in a planned and coordinated manner can be complicated and requires specialised expertise. Therefore, having a cyber security plan in place is no longer an option,” said Dr Tamer Aboualy, partner, IBM Security Services, Middle East & Africa. “Cybersecurity attacks can be damaging financially and to the reputation of a businesses. Therefore, it is important that organisations deploy a cybersecurity incident response plan as it increases the likelihood of preventing incidents and reduces the time to detect, contain and respond to an attack.”

While studies show that companies who can respond quickly and efficiently to contain a cyberattack within 30 days save over $1 million on the total cost of a data breach on average, shortfalls in proper cybersecurity incident response planning have remained consistent over the past four years of the study. Of the organisations that do have a plan in place, almost half (49%) do not test their plans regularly, leaving them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.

"We have seen a rise of targeted attacks in the region and globally. Advanced malware has targeted many organisations with the goal of stealing information, corrupting disks and crippling their operations. Today, it is no longer a question of being a victim of a targeted attack but how organisations will respond and remediate such threats, causing minimal impact to their operations," Dr Aboualy added.

Other study takeaways

Only 19% of the respondents said their organisation was leveraging automation.

74% of respondents reported that staffing for cybersecurity is very important to achieve a high level of cyber resilience. Furthermore, 72% of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.

55% of respondents indicated that aligning privacy and cybersecurity roles is essential or very important.

Most Popular

Digital Edition

Subscribe today and get your copy of the magazine for free