More than three-quarters of cybersecurity leaders said their organizations have experienced a cyberattack in the past 12 months, a report released Monday from Sygnia showed. And 73% of the same respondents said they would not be adequately prepared to respond to a future incident.
The report, based on a survey of 600 senior cybersecurity decision managers, highlights a readiness gap that has plagued organizations for years. The report shows that, despite 99% adoption rates of formal incident response plans, many organizations have continued gaps in execution.
According to the report, there are three major issues that limit incident response capabilities:
- Organizations have difficulties in coordinating key stakeholders in the case of an attack.
- There is limited involvement of top executives or board members in incident response readiness and decision-making.
- Legal and communications matters often delay critical decisions.
In certain industries, such as healthcare, regulatory considerations frequently get in the way of a well-rehearsed incident response playbook.
The report also showed that incident response is often impacted by visibility gaps, such as the use of public cloud or software as a service.
A series of reports demonstrated major evolutions in how threat groups target and undertake cyberattacks.
They have used AI and sophisticated planning to execute ransomware and other attacks faster than ever. Threat groups have also exploited weaknesses in SaaS platforms to launch attacks against supply chains of customers.
