Automation could hold the key to developing faster and more effective cyber security responses, a global computing giant has revealed.
Yet despite its promise, the vast majority of Australian businesses are failing to make use of the technology in their response process.
Commissioned by IBM and produced by Ponemon Institute, the fourth annual Cyber Resilient Organisation study surveyed 3,655 global IT professionals from different organisations, including 226 from Australia.
“Less than one-quarter of Australian respondents said their organisation significantly uses automation technologies like identity management and authentication, incident response platforms and security information and event management (SIEM) tools in their response process,” said Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security.
“This is a missed opportunity to strengthen cyber resilience.
“Globally, organisations that fully deploy security automation save $1.55 million on the total cost of a data breach compared to those that don’t.”
The research also suggests that automation has the greatest benefit to a company’s cyber defences when “used extensively”.
High automation can prevent security incidents, increase cyber resilience, maximise the benefits of threat intelligence sharing and reduce the complexity in the IT infrastructure.
It is also suggested in the report that the use of automation increases awareness of the importance of having skilled cyber professionals.
Almost all (86%) of the respondents in organisations that reported “extensive use” of automation said they were more likely to recognise the importance of having cyber professionals.
And while the value of automation in cyber security is apparent, the report explains that it is the people that truly create a strong cyber posture.
When asked what were the steps that needed to be taken to significantly improve cyber resilience, 62% of respondents listed hiring skilled personnel.
Despite this, hiring the right cyber professionals still provides an issue in itself.
“Only 30% of global respondents reported that their cybersecurity staffing is sufficient for a high level of cyber resilience,” said Nancarrow.
“This skills gap undermines cyber resilience, as understaffed organisations are unable to properly manage resources and needs, and maintain and test their incident response plans.”
Three quarters (75%) of respondents considered the difficulty of hiring and retaining skilled cyber professionals as moderately high to high.