Almost 79% of Indian companies have not implemented a computer security incident response plan (CSIRP) consistently across the entire enterprise, a study from IBM and the Ponemon Institute revealed.
According to the study, 51% of Indian organisations surveyed witnessed a data breach and 56% had cybersecurity incidents in the past two years.
Among the organisations that have a security plan in place, 57% do not test them on a daily basis and only 23% have automated processes significantly at their firms, the study found.
With 77% of the companies surveyed lacking a cybersecurity incident response plan, the majority are still unprepared to properly respond to breaches.
While studies show that companies who can respond quickly and efficiently to contain a cyber attack within 30 days save over $1 million on the total cost of a data breach on average, shortfalls in proper cybersecurity incident response planning have remained consistent over the past four years of the study.
According to the study, the difficulties of implementing a cybersecurity incident response plan has also impacted businesses’ compliance with the General Data Protection Regulation (GDPR).
Nearly half of the respondents (46%) stated that their organisation are yet to be fully compliant with GDPR, even as the one-year anniversary of the legislation quickly approaches.
“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program,” said Ted Julian, vice president of Product Management and co-Founder, IBM Resilient.
The 2019 Cyber Resilient Organization is the fourth annual benchmark study on Cyber Resilience. The global survey features insights from more than 3,600 security and IT professionals from around the world, including the United States, Canada, United Kingdom, France, Germany, Brazil, Australia, Middle East and Asia Pacific.