In a recent survey to understand cybersecurity readiness in organizations, we asked readers to tell us how they approach their planning for cybersecurity incident response. Below are the results, based on 770 respondents.

  • Fewer than half (43%) said their organization has a well-defined written plan for preventing cybersecurity attacks, and nearly a quarter (22%) said they do not have a plan. More than a third (35%) don’t know.
  • Those that have a prevention plan credit the following: CISO strategy (55%), board/executive direction (44%) and legal requirements (32%).
  • When it comes to recovery, only 37% of respondents said their organization has a well-defined written plan for cybersecurity attacks. Meanwhile, 21% say they don’t have a plan and 42% don’t know.
  • For those who do believe in the recovery plan, reasons cited include downtime/loss of productivity (50%), data exposure (41%), financial costs (39%) and operational costs (37%).
  • Survey participants believe the plan should be defined, developed, and distributed primarily by the CEO (29%). However, almost as many respondents (25%) think the CSO/CISO/VP Security should bear that responsibility, while just 16% think the task falls to the CTO/VP Technology/VP Products.

For those who participated, thank you very much. Please share your views by participating in our new survey on cybersecurity responsibility within organizations. All responses are kept anonymous.

Take the survey now by visiting https://www.surveymonkey.com/r/CTCF18