IBM Study: Security Response Hindered by Tool Overload, Outdated Plans

IBM survey finds majority of organizations don’t have plans in place for common attacks

Organizations may have stepped up their security postures, but a lack of structure and proper management still left networks vulnerable, if not more vulnerable than before. This is one of the key findings of the global survey conducted by Ponemon Institute and sponsored by IBM Security for the fifth annual Cyber Resilient Organization Report.

The report titled “2019 Cost of a Data Breach Report” reveals that the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

Companies that have incident response teams and extensively test their incident response plans spend an average of $1.2 million less on data breaches than those that have neither of these cost-saving factors in place.


“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” said Wendi Whitmore, VP of IBM X-Force Threat Intelligence. “Organizations must also focus on testing, practicing, and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complex challenges and speed the time it takes to contain an incident.”

Security response playbook

The survey also found that more organizations have adopted formal, enterprise-wide security response plans over the past five years of the study, growing from 18% of respondents in 2015 to 26% in this year’s report (a 44% improvement).

For some organizations the effort still seems scattered, as evidenced by the lack of playbooks of their own based on common attack types. The survey reveals that only one third (representing 17% of total respondents) have developed specific playbooks, and plans for emerging attack methods like ransomware lagged even further behind.

The survey found that even among organizations with a formal cybersecurity incident response plan (CSIRP), only 33% had playbooks in place for specific types of attacks. Among the minority of responding organizations that do have attack-specific playbooks, the most common playbooks are for DDoS attacks (64%) and malware (57%). While these methods have historically been top issues for the enterprise, additional attack methods such as ransomware are on the rise. Although ransomware attacks have spiked nearly 70% in recent years, only 45% of those in the survey using playbooks had designated plans for ransomware attacks.


Judging by the number of security tools coming onto the market, cybersecurity awareness is increasing. However, this development confuses some organizations and has a negative impact across multiple categories of the threat lifecycle among those surveyed. Organizations using 50+ security tools ranked themselves 8% lower in their ability to detect an attack, and 7% lower in their ability to respond to one, than respondents with fewer tools.

Companies with formal security response plans applied across the business were less likely to experience significant disruption as the result of a cyberattack. Over the past two years, only 39% of these companies experienced a disruptive security incident, compared to 62% of those with less formal or consistent plans.

This year’s report suggests that surveyed organizations that invested in formal planning were more successful in responding to incidents. Amongst respondents with a CSIRP applied consistently across the business, only 39% experienced an incident that resulted in a significant disruption to the organization within the past two years compared to 62% of those who didn’t have a formal plan in place.

Looking at the specific reasons these organizations cited for their ability to respond to attacks, security workforce skills were found to be a top factor. 61% of those surveyed cited hiring skilled employees as a top reason for becoming more resilient; amongst those who said their resiliency did not improve, 41% cited the lack of skilled employees as the top reason.