RESEARCH TRIANGLE PARK – A new security report from IBM warns that while more companies are better prepapred to to detect and respond to a cyberattack a growing number are unable to contain such an attack despite having more tools to do so.

IBM Security worked with Ponemon Instititue for the fifth annual Cyber Resilient Organization Report.

Companies have over the past several years “slowly improved” defense capabilities, the report notes. But “their ability to contain an attack has declined by 13% during this same period,” IBM says.


Too many tools and a lack of a “playbook” for attack response.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence, about the report and its implications.

“Organizations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

A whopping 74% of companies surveyed report are “still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all,” the report adds.

However, companies that are prepared report $1.2 million less damage on average from a cyberassault, IBM says.

Here are key findings of the report, according to IBM:

  • Slowly Improving: More surveyed organizations have adopted formal, enterprise-wide security response plans over the past 5 years of the study; growing from 18% of respondents in 2015, to 26% in this year’s report (a 44% improvement).
  • Playbooks Needed: Even amongst those with a formal security response plan, only one third (representing 17% of total respondents) had also developed specific playbooks for common attack types — and plans for emerging attack methods like ransomware lagged even further behind.
  • Complexity Hinders Response: The amount of security tools that an organization was using had a negative impact across multiple categories of the threat lifecycle amongst those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to an attack, than those respondents with less tools.
  • Better Planning, Less Disruption: Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

The full report is available online.