Security response planning is more popular than ever among businesses, but many are still struggling to contain attacks.
According to a new report from IBM, organisations have improved their ability to plan, detect and respond to cyberattacks. Five years ago, only 18 percent of respondents had security response plans in place, which has risen to 26 percent today (an increase of 44 percent).
However, companies' ability to actually contain an attack declined by 13 percent over the same period.
IBM claims one of the reasons for this decline is the increasing number of tools IT security personnel use on a daily basis. Businesses using 50 or more security tools ranked themselves as less well-equipped to detect and respond to an attack than those juggling fewer tools.
The apparent lack of specific playbooks for common attack types was also cited as problematic. Among those with a formal security response plan, just a third had playbooks in place, which accounts for roughly 17 percent of all respondents.
Although the improvement in planning is commendable, there is still a lot of work to be done. The report claims most organisations see their plans as ad-hoc, and claim they are “inconsistent” when it comes to applying them.
Organisations that applied security response plans across the board, meanwhile, were less likely to experience disruption.
"While more organisations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity," said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence.
"Organisations must also focus on testing, practicing and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”