Back Arrow

A third of organisations without data breach plan

Posted on Feb 15, 2019.

article image

The Ponemon Institute has recently conducted a survey including more than 600 cybersecurity professionals revealing some very concerning statistics. The report found that 1/3 of businesses lack the time and resources needed to prevent future cyber attacks that could result in a data breach.

Cyberattacks and data breaches are constantly on the rise with the increase in the amount of data being made available through the internet, and with that comes vulnerabilities within organisations that hackers will take advantage of. The report found that 60% of businesses were affected by data breaches last year, and over 59,000 data breaches have been reported in the EU since the introduction of GDPR. Organisations with vulnerabilities such as remote workers can be prime targets for hackers, so what can be done to prevent this?

The Ponemon Institute report found that the main barriers organisations are facing are:

  • Vulnerability patch management.

  • Correctly skilled staff needed to maintain basic bug resolution procedures.

Further research revealed that 85% of workers said that their organisation's staffing levels were too low to maintain a "strong cybersecurity posture", and only 15% of workers said that their patching efforts were "highly effective".

Vulnerabilities left unpatched:

A common problem when it comes to maintaining and securing business' vulnerabilities is being able to decide which vulnerabilities are the ones that could impact them. Furthermore, it becomes even more difficult for the organisation when lack of visibility prevents them from seeing into increasingly complex networks.


The survey also found that 69% of workers said their businesses only scan their systems for vulnerabilities once a month or less, and 49% of workers only scan their systems for vulnerabilities on either an ad-hoc or quarterly basis. 67% of workers said that they do not have the time or the resources to mitigate every single vulnerability that could be exploited by hackers, and 63% of workers said that the "inability to act on a large number of resulting alerts and actions" is a serious security problem.

Ultimately, patching, regular scanning and having a skilled workforce are the major obstacles in cybersecurity that the Ponemon Institute report has identified. High performing organisations in terms of cybersecurity claim that having the ability to automatically discover unmanaged assets helps a lot. Furthermore, being able to analyse vulnerabilities in IoT, BOYD and third-party systems is important, and being able to analyse unpatched systems and other attack vectors.

The founder and chairman of the Ponemon Institute, Larry Ponemon, spoke to and said:

"From this research, it is clear that most enterprises recognise not only are they under-resourced in finding and managing their vulnerabilities, but they also have gaps around assessing the risks and getting full visibility across their IT assets, which no doubt led to the low confidence vote in their ability to avoid a data breach."

Business Assessment

Stay Updated

Follow us on LinkedIn to stay up to day about the industry and any of our news.

Follow Us