Enterprise organizations are ramping up incident response (IR) and security operations center (SOC) capabilities amid heightened concerns over data breaches, third-party risk, and loss of intellectual property. As a result, nearly half (48%) of organizations have the ability to detect a potential compromise as soon as one occurs or within minutes of it happening.
Dark Reading’s 2021 Incident Response Survey polled 215 IT and cybersecurity professionals from over 20 industries on a variety of issues that pertain to organizational ability to detect and respond to security incidents. The results reveal an upswing in SOC capabilities. A substantially higher percentage of organizations report that they have a formal SOC capability and incident response teams of 15 or more staff members.
Likely as a result of these changes, more respondents this year describe their organization as able to detect most security incidents in near-real time, or within minutes. More than half, 56%, say they remediate most security incidents within minutes or hours of occurrence, compared with 52% in last year’s survey.
Other survey highlights include:
- 21% of organizations, compared with 11% in Dark Reading’s 2020 survey, report having a dedicated IR team of 15 or more people.
- 38% of organizations currently have an SOC and another 12% plan to build one internally.
- 58% of survey respondents say that less than 10% of the security incidents they have experienced had a significant negative impact on the organization.
- 17% of IT and security leaders surveyed — compared with 10% last year — say they are most concerned about credentialed users misusing data.
- 44% of organizations report being well connected with the IR teams of business partners, or at least exchanging data that might indicate a compromise.
The full report is titled The State of Cybersecurity Incident Response.