The Ponemon Institute recently completed research, sponsored by IBM Resilient, entitled “The 2019 Cyber Resilient Organization,” which surveyed more than 3,600 security and IT professionals around the world to determine organizations’ ability to maintain their core purpose and integrity in the face of cyber-attacks.

According to IBM, the research found that “a vast majority of organizations surveyed are still unprepared to properly respond to cybersecurity incidents, with 77 percent of respondents indicating they do not have a cybersecurity incident response plan applied consistently across the enterprise.”

Following the results of IBM/Ponemon’s 2018 study on the cost of a data breach, which showed that companies that respond quickly and efficiently to contain a cyber-attack within 30 days save over $1 million on average, this study shows that organizations are still falling short when it comes to planning for an incident and testing the incident response plan.

Almost half of the respondents admitted that, since they do not have an incident response plan in place, they are not in full compliance with GDPR.

Significantly, 62 percent of those surveyed state that aligning the privacy and cybersecurity teams of the organization “is essential to achieving resilience” and that data privacy has become a top priority in organizations.

Finally, the survey found that more than half of those surveyed (54 percent) do not test their incident response plans regularly, “which can leave them less prepared to effectively manage the complex processes and coordination” following an attack.

Message: developing, implementing and testing an incident response plan saves money. According to this research, it is a sound investment.