A new IBM/Ponemon Study released late last week, 2016 Cyber Resilient Organization, reveals that only 32 percent of IT and security professionals believe that their organization has a “high” level of cyber resilience.

The study interviewed 2,400 IT and security personnel across the world. The study shows that 66 percent of those professionals believe that their organization is not ready to respond or recover from a cyber attack, and 75 percent admitted that their organization does not have a formal cyber incident response plan in place. On top of that, 52 percent say that if a plan is in place, it has not been reviewed or updated since it was implemented.

The professionals indicated that the top barrier to resilience is “insufficient planning and preparedness,” as well as the complexity of IT processes and business processes.

The study shows that everyone is struggling and trying to keep up with hackers, new malware, and ransomware and trying to recover from attacks while still performing day to day work on keeping systems up and running so the business units can function. It is a difficult balance, but has to be addressed in order to protect the systems and recover as quickly as possible from an intrusion.