Connect with us

Hi, what are you looking for?


Management & Strategy

Poor Planning Can Impact Security Response

Benjamin Franklin said that “if you fail to plan, you are planning to fail.” Few places can this been seen more keenly than in cybersecurity.

Benjamin Franklin said that “if you fail to plan, you are planning to fail.” Few places can this been seen more keenly than in cybersecurity.

Despite the aforementioned quote, many organizations are failing to prepare to respond to security incidents. According to findings in a report from Trustwave set to be officially announced tomorrow, 21 percent of the IT and security professionals they surveyed said their businesses do not have incident response procedures in place. In addition, some 19 percent said they had not implemented and tested a disaster recovery plan.

“Many companies do have plans but they are out-of-date and/or not relevant,” said Phil Smith, senior vice president of government solutions and special investigations at Trustwave. “Many were put together to satisfy an audit or security program but have not been maintained, implemented or tested. Most of the cases where we are involved in responding to an actual data breach, we either don’t find an incident response readiness plan in place or one that is outdated and/or never tested.”

Security Response PlanningUp-to-date business continuity plans were about as common as incident response plans, as nearly a quarter of the 476 respondents said they did not have plans that were current. Twenty-percent said their organization did not have a process that enabled the reporting of security incidents.

“Where there is no plan in place we often see a delay in an organization’s ability to respond to an incident because they are spending critical time trying to get themselves organized and identifying the correct people who have access to the infected systems and decision makers who can provide direction,” Smith said.

Advertisement. Scroll to continue reading.

Earlier this year, a survey of 340 C-level execs, auditors, IT directors and managers by consulting firm Protiviti had similar findings as the Trustwave report, with more than a third of the respondents stating their organization lacks a formal and documented crisis response plan to execute in the event of a breach or attack.

At the executive level, the research uncovered mixed levels of involvement in cybersecurity. Forty percent said they have board-level management fully taking an active role in security matters, while 12 percent said they weren’t involved at all.

“For board members to properly understand security and risk, and to enable them to make the right choices, you must provide them with easy-to-understand and accurate information,” according to the Trustwave report.

The numbers were slightly higher when it came to senior-level management, with 52 percent describing them as fully active. Just five percent said they were not active at all.

“Companies where security starts at the top with the board and executives are typically in a much better security posture,” Smith said. “While that doesn’t necessarily mean they won’t experience a security incident, they will be in a much better position to respond and contain an incident. Executives that have a better understanding of security and an incident response process will allow their teams to focus on the event and not distract them by requiring information during the initial critical phases. If it’s practiced then the executives know when they can expect information and a plan.”

The full report is available online in PDF format.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.