Commissioned by security outfit Lancope, the report shows that Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today’s organisations. The Ponemon Institute research surveyed 674 IT and IT security professionals in the United Kingdom and United States who are involved in their organization’s CSIRT activities. The study concludes with key recommendations for organisations looking to improve their incident response process.
The report found that 68 percent of respondents say their organisation experienced a security breach or incident in the past 24 months. 46 percent say another incident is imminent and could happen within the next six months. However management is largely unaware of cyber security threats with 80 percent of respondents reported that they don’t frequently communicate with executive management about potential cyber-attacks against their organisation.
Organisations are not measuring the effectiveness of their incident response efforts with half of respondents do not have meaningful operational metrics to measure the overall effectiveness of incident response. Some security breaches remain unresolved for an entire month even when most organisations said they could identify a security incident within a matter of hours. CSIRTs lack adequate investments and half of all respondents say that less than 10 percent of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.