According to the results of a recent survey of 100 North American IT professionals with knowledge or responsibility for their organization’s incident response processes and technologies, 98 percent of respondents admitted having challenges with their incident response capabilities.
The survey, conducted by the Enterprise Strategy Group (ESG) and sponsored by Hexadite, also found that 71 percent of respondents said incident response has become more difficult at their organizations over the past two years.
The most frequently cited challenges were monitoring processes from end to end (47 percent), keeping up with the volume of threat intelligence (46 percent), and keeping up with the volume of security alerts (43 percent).
The security skills gap is a key issue — 91 percent of respondents said incident response efficiency and effectiveness are limited by the time and effort required for manual processes, and 91 percent said they’re actively trying to increase the size of their incident response staff.
“The resources being dedicated towards incident response show that it’s a growing priority for organizations that are trying to find a solution for the challenges presented by rising alert volumes and the lack of skilled analysts to handle them,” Hexadite CEO and co-founder Eran Barak said in a statement.
Sixty-two percent of respondents have already taken action to automate incident response processes, and another 35 percent are planning to do so within the next 18 months.
Fully 91 percent of respondents said their organization’s spending on incident response will increase over the next two years, and 40 percent said that spending will increase significantly. No respondents had plans to decrease spending.
A separate survey of 619 U.S. executives and employees who work in privacy and compliance found that the number of organizations that have a data breach preparedness plan in place increased from 61 percent in 2013 to 86 percent in 2016.
However, the survey, sponsored by Experian and conducted by the Ponemon Institute, also found that 38 percent of organizations surveyed have no set time period for reviewing and updating that plan, and 29 percent haven’t reviewed or updated it since it was put in place.
Just 39 percent of respondents practice their plan at least twice a year.
Only 27 percent of respondents are confident in their ability to minimize the financial and reputational consequences of a data breach, and 31 percent lack confidence in dealing with an international incident.
Fifty-six percent of respondents aren’t confident they could deal with a ransomware incident, and only 9 percent have determined under what circumstances they would pay a ransom if hit with ransomware.
“When it comes to managing a data breach, having a response plan is simply not the same as being prepared,” Experian Data Breach Resolution vice president Michael Bruemmer said in a statement. “Unfortunately, many companies are simply checking the box on this security tactic.”
“Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills,” Bruemmer added.
A recent eSecurity Planet article looked at 5 steps to a better incident response plan.