Security Boulevard: Survey Finds Lag in Crisis Response Planning

A recent survey from security firm Immersive Labs found that many organizations don’t hold crisis simulations more than once a year, and the majority of organizations when holding such exercises only do so with IT teams.

The study, conducted by Osterman Research, is based on a survey of senior security professionals at 402 organizations based in the U.S. and UK. According to the survey, “Cyber Crisis Response: Fit for Today’s Threat Landscape,” 40% of respondents are not confident that their organization would be able to handle an imminent data breach.

A quarter of those surveyed said that they run crisis exercises without including senior cybersecurity leadership, and only 20% included communication teams. And about half of those surveyed said that they don’t include professionals from various domains in their incident response exercises and of those organizations that do tap professionals across business units, they said they only meet once a month.