The capabilities of security teams are not able to keep pace with the rapid evolution of cyber threats.
That’s the view of more than half (54 per cent) of the 600 US and UK-based senior cyber security professionals surveyed as part of RedSeal’s 2017 Resilience Report.
An identical proportion said this was down to not having the tools and resources they need, while 55 per cent said they couldn’t react quickly enough to limit damage in the event of a major security incident.
Almost four in five (79 per cent) revealed their organisation wouldn’t be able to access insights to prioritise their response to an incident.
Only one in five (20 per cent) were extremely confident their organisation would continue running as usual upon discovery of a cyber attack or breach.
Just a quarter of respondents said their organisation tests how it would respond to a major incident annually, if at all. There was also a strong correlation between the time since the last test increasing and executives’ confidence in the plan decreasing.
Ray Rothrock, chairman of cyber risk scoring service RedSeal, said: “This report underscores the urgency for the leaders of cyber strategy to pivot and aggressively pursue resilience, the ability to maintain business as usual while navigating an attack, as the new gold standard. Being prepared is the best defence.”