Organisations across the world are finding it harder than ever to handle cyber security events, a Ponemon Institute report has found.
The Third Annual Study on the Cyber Resilient Organization revealed that:
- 64% of respondents said the volume of incidents has increased;
- 65% said the severity of incidents has increased; and
- 57% said the time it takes to resolve an incident has increased.
To reduce these problems, Ponemon Institute emphasises the need for organisations to commit to cyber resilience. This approach combines cyber security and business continuity management, helping organisations avoid an ‘all or nothing’ outlook to information security. It enables them to defend against disruptions but also put in place measures to make sure they survive and recover should their defences not be enough.
Cyber resilience
According to the report, only 31% of respondents said they had an adequate cyber resilience budget in place. However, senior staff’s awareness of the approach has increased from 47% in 2015 to 57% in 2017.
They also believe that their organisation’s cyber resilience is improving rapidly. In 2016, 52% of respondents said their cyber resilience processes had improved in the past twelve months; this jumped to 72% in 2017.
The most commonly cited reasons for this improvement were:
- The appointment of more skilled personnel (61%);
- Improved information governance practices (60%);
- Better visibility into applications and data assets (57%);
- Implementation of new technology, such as automation and AI (47%); and
- Elimination of silo and turf issues (39%).
Cyber resilience doesn’t only help organisations respond to cyber security incidents – it also improves their revenues, brand and reputation. Additionally, it helps organisations comply with the Network and Information Systems Regulations (NIS Regulations, aka the NIS Directive).
The NIS Regulations and cyber resilience
The Regulations state that organisations must:
- Implement appropriate technical and organisational measures to secure their network and information systems;
- Account for the latest developments and consider the security risks in their systems;
- Take appropriate measures to ensure service continuity in the event of security incidents; and
- Promptly notify the relevant supervisory authority of any significant security incident.
Adopting cyber resilience can help organisations meet each of these requirements and avoid disciplinary action.
You can learn more about the NIS Regulations and how cyber resilience can help by reading our NIS Regulations compliance guide. This free green paper covers:
- The NIS Directive’s requirements and the UK government’s implementation approach;
- The proposed assurance regime;
- Which organisations are in scope;
- The proposed security requirements for compliance; and
- How you can implement a compliance programme to meet the NIS Regulations’ requirements.
You might also be interested in our NIS Regulations infographic, which breaks down the key information into bite-sized chunks and is an ideal reference tool.
