Companies unprepared to measure incident response

Companies struggle to keep up with and respond to cyberattacks due to lack of resources, according to Demisto. For example, more than 40 percent of respondents said their organizations are not prepared to measure incident response, and only 14.5 percent of respondents are measuring MTTR (Mean Time to Respond).

While organizations are hit with an average of nearly 350 incidents per week, 30 percent of respondents reported they have no playbooks, runbooks or other documentation for incident response actions.

The study also validated the known security staff shortage issues with new findings. More than 90 percent of the respondents indicated they are challenged to find experienced employees with the necessary skill sets. The study found it takes an average of 9 months from the initiation of a hiring requisition until the new hire is fully trained.

Since the need is frequently identified long before the hiring process begins, companies are without a resource – from the point where a need is identified until the point they have fully trained analysts – for almost a year. On the retention side, more than one-third of IR staff leave within 3 years.

Key findings of the research

  • When asked about the areas where automation can help, 54 percent of respondents asserted that security operations and incident response are the two top priorities for them at this time.
  • Although 47.3 percent of respondents believed that automating threat hunting would provide immediate benefits, barely 12 percent had actually automated their threat hunting.
  • While 54 percent of respondents believed that automating incident response would provide immediate benefits, only 10.9 percent had already automated this facet.
  • When asked about the number of incidents occurring weekly, respondents reported dealing with an average of 346.42 incidents per week — and requiring an average of 2.28 days to resolve an incident.
  • When asked how many people in the respondents’ organizations were dedicated solely to incident response, 17.6 percent responded that there were none and 22.3 percent stated that there were only one or two.
  • According to respondents, the biggest incident response challenges are working with a large number of information security tools (37.7 percent), followed by responding to a large number of incidents (36.1 percent), and not having enough time (34.4 percent).
  • According to respondents, 40.4 percent feel there are significantly more alerts than can be handled by their staff, while 47.4 percent report it is hard to know which alerts to prioritize.