Are your organization’s systems secure? Are they equipped to prevent security attacks? Detect and eliminate threats quickly? We hate to be alarmist, but research shows there’s a good chance the answer is no.
In a recent report on the state of enterprise security operations, IDC and Splunk reveal some alarming findings on companies’ vulnerability to and preparedness for security attacks:
- 62 percent of companies are being attacked at least weekly, 20 percent are being attacked daily, and 10 percent are being attacked hourly or more.
- Only 27 percent of companies say they are equipped to cope comfortably with security incidents.
- 75 percent say they have no managed incident response plan.
The list goes on, but the takeaway is that, while security threats are coming fast and hard, the majority of companies are woefully underprepared. And when a business is unable to prevent security threats — and unable to combat them effectively when they do occur — the consequences can be dire. Customer data is at risk, regulatory compliance may be in jeopardy, and the company’s reputation among customers, investors, and the general public is on the bottom line.
What’s more, IDC and Splunk’s research found that, when companies are dealing with attacks reactively instead of proactively, the human resources cost is high, as well. 83 percent of companies report that dealing with any given incident requires two people or more, and 55 percent report that each incident requires more than two hours to resolve. Consider that the majority of businesses are attacked weekly or more, and the time and manpower add up quickly, equating to at least one full-time employee dedicated solely to incident response for many businesses.
That’s a lot of time and money spent on preventable issues instead of mission critical strategic initiatives.
On the other hand, effective incident response has a powerful positive impact on both the brand reputation and the business’ bottom line. 56 percent of survey respondents indicated that adopting incident response capabilities led to a lower operational cost of security, and half noted that adoption played a significant role in protecting the brand’s reputation: