Skip to content ↓ | Skip to navigation ↓

Organizations around the globe remain unprepared to prevent, detect and respond to cyber attacks, revealed a recent study conducted by the Ponemon Institute.

The 2016 Cyber Resilient Organization study surveyed over 2,400 security and IT professionals from the U.S., U.K., France, Germany, United Arab Emirates, Brazil and Australia.

Of the respondents, 66 percent say their organization is not prepared to effectively recover from cyberattacks. Furthermore, only 32 percent believe their organization has a high level of cyber resilience – down from 35 percent in 2015.

The majority of respondents (66 percent) identified “insufficient planning and preparedness” as the number one barrier to achieving cyber resilience. Respondents also listed “complexity of IT processes” and “insufficient risk assessment” among the biggest challenges.

Meanwhile, a whopping 75 percent of respondents admit they do not have a formal cyber security incident response plan (CSIRP) that is applied consistent across the organization.

“This year’s Cyber Resilience study shows that organizations globally are still not prepared to manage and mitigate a cyberattack,” said Resilient CEO and Co-Founder John Bruce, who sponsored the study, in a press release.

Additional key takeaways from the study include:

  • 53% of respondents say they suffered at least one data breach in the past two years.
  • 74% of respondents say they faced threats as a result of human error in the past year.
  • Over the past two years, respondents say they have been compromised by malware (74%) and phishing (64%) on a frequent basis.
  • 41% of respondents say the time to resolve a cyber incident has increased or increased significantly; only 31% say it has decreased or decreased significantly.


To learn more, read the 2016 Cyber Resilient Organization Executive Summary (PDF).