The survey from RSA, a division of EMC, focused on for key areas: incident response, content intelligence, analytic intelligence, and threat intelligence. The study compared its results with a Security for Business Innovation Council (SBIC) survey to draw some interesting conclusions. The bottom line: organizations are still striving to adopt technologies and strategies that help them detect, respond to and ultimately disrupt cyberattacks that open the door to damaging breaches.

“Organizations are struggling to gain visibility into operational risk across the business,” said Dave Martin, chief trust officer at RSA. “As business has become increasingly digital, information security has become a key area of operational risk and while many organizations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile.”

The findings of the study suggest incident response is a core capability that organizations need to develop and consistently hone to deal with the increasing volume of cyberattack activity. Although leading-edge SBIC members have developed an incident response function, 30 percent of at-large organizations do not have formal incident response plans. What’s more, 57 percent of those that do never review or update them.

Read Full Article