Among the many topics that battle for risk managers’ attention, cybersecurity incident response planning is one that repeatedly surfaces each year with escalating frequency. Yet surprisingly, according to a 2018 Ponemon Institute study, only 24% of companies have a cybersecurity incident response plan (IRP) implemented consistently across the enterprise.
Unquestionably, every company must prioritize capital expenditures, staffing and time across the wide expanse of business priorities. However, IRPs are no longer something that can be put off or addressed casually. The growing stringency of security standards and federal requirements, not to mention the very real possibility of irreparable damage from a breach, make inaction a failing proposition for enterprises of all sizes.