Study reveals organisations unable to respond to and resolve a cyber-attack

AccessData, the leader in incident resolution solutions, and the Ponemon Institute released new findings focused on the current state of incident response and threat intelligence and how both can be improved to better benefit organisations. The report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organisations, sponsored by AccessData, surveyed 1,083 CISOs and security technicians in the United States and EMEA about how their company handles the immediate aftermath of a cyber-attack and what would help their teams more successfully detect and remediate these events.

Startling findings show that the lack of incident detection and investigation puts companies and their CISOs’ jobs at significant risk. In fact, when a CEO and Board of Directors ask a security team for a briefing immediately following an incident, 65% of respondents believe that the briefing would be purposefully modified, filtered or watered down. Additionally, 78% of respondents believe most CISOs would make a “best effort guess” based on limited information, and they would also take action prematurely and report that the problem had been resolved without this actually being the case.

This alarming disconnect results from several critical shortcomings in the current point solution approach to cybersecurity and incident response (IR), namely:

  • Lack of timely compromise detection: 86% of respondents say detection of a cyber-attack takes too long;
  • Inability of point solutions to prioritise alerts as they come in: 85% say they suffer from a lack of prioritisation of incidents;
  • Lack of integration between point solutions: 74% say poor or no integration between security products negatively affects response capabilities; and
  • An overwhelming number of alerts paralysing IR efforts: 61% say too many alerts from too many point solutions also hinder investigations.

“When a cyber-attack happens, immediate reaction is needed in the minutes that follow, not hours or days,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.”

Further, the respondents also shared growing concerns about the inability to find the root cause of a compromise. While 66% of respondents believe determining the root cause of prior incidents enables them to strengthen defenses, 38% of respondents say determining the root cause of a compromise could take a year, while an alarming 41% believe they would never be able to identify the root cause of security events with certainty.

Lastly, integrated threat intelligence – a hugely promising approach to arming CISOs with the latest indicators of compromise (IOC) information and ability to confirm threats – appears to be largely unusable by current security products, with a full 59% of respondents saying they are not able to efficiently and effectively use threat intelligence with their existing security products.

“Today, companies focus primarily on the protective aspect of their information security,” said Craig Carpenter, Chief Cybersecurity Strategist at AccessData. “While protection is obviously important, this research reinforces the critical need for organisations to invest in automated IR technology integrating security, forensics and eDiscovery solutions to facilitate not just incident response, but incident detection, investigation and resolution. CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face. What they need is an incident resolution platform that doesn’t just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant portions of the IR process, allowing them to focus on the most pressing incidents.”

Additional key findings revealed that current security products make it difficult to import multiple threat intelligence feeds or quickly investigate mobile devices:

  • 40% say none of their security products support imported threat intelligence from other sources
  • 86% rate the investigation of mobile devices as difficult
  • 54% say they are not able to or unsure of how to locate sensitive data such as trade secrets and personally identifiable information (PII) on mobile devices

More Information:

www.accessdata.com – www.ponemon.org
