79% Indian firms lack hacking response plan: IBM

IBM. (Photo: Twitter/@IBM)

New Delhi,  Nearly 79 per cent of Indian firms do not have a computer security incident response plan (CSIRP) in place that is applied consistently across operations, a new IBM-Ponemon Institute study said on Thursday.

In the past two years, 51 per cent of Indian organisations surveyed experienced a data breach and 56 per cent experienced a cyber security incident, revealed the study conducted by US-based Ponemon Institute on behalf of IBM Security.

Of the organisations that do have a CSIRP in place, 57 per cent do not test plans regularly or at all.

Only 23 per cent reported using automation significantly in their organisation, the findings showed.

“In India, Incident Response (IR) strategy is at a nascent stage and organisations are beginning to conceive this as an integral part of risk mitigation and resilience plan,” said Vaidyanathan Iyer, Security Software Leader, IBM India/South Asia.

“Considering the lack of a well-developed and tested IR in an organisation’s cyber resiliency strategy, enterprises need to evaluate and implement the right tools at the earliest,” Iyer added.

The IBM-Ponemon study found that globally, 77 per cent of respondents indicated they do not have a cybersecurity incident response plan applied consistently across the enterprise.

Studies show that companies who respond quickly and efficiently to contain a cyberattack within 30 days save over $1 million on the total cost of a data breach on average.

“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a programme,” expressed Ted Julian, Vice President of Product Management and Co-Founder, IBM Resilient.

Only 30 per cent of the respondents reported that staffing for cybersecurity is sufficient to achieve a high level of cyber resilience while 62 per cent indicated that aligning privacy and cybersecurity roles is essential to achieving cyber resilience within their organisations.