informa

Tech News and Analysis

2 min read
DR Technology

Prevention Takes Priority Over Response

Cybersecurity teams continue to emphasize intrusion prevention over incident response, despite US government action.

While few cybersecurity professionals are putting all of their eggs into the intrusion prevention basket, one-third are favoring intrusion prevention over incident response (IR) at a proportion of 80/20 or more.

That's according to a May 2022 Dark Reading report, titled "Breaches Prompt Changes to Enterprise IR Plans and Processes." The 2022 Incident Response Survey polled 188 IT and cybersecurity professionals about their IR capabilities.

A total of 34% of respondents said they prefer to put 80% (21% of respondents), 90% (10% of respondents), or 100% (3% of respondents) of their resources into intrusion prevention over IR. Another 34% also prioritized prevention, with 21% preferring a 70/30 split and 13% dropping to 60/40. Less than a quarter (24% in total) weighted the two approaches evenly or favored IR over prevention, with 13% of that total backing an even split of resources. Eight percent didn't have an opinion.

The numbers from 2021 were very similar, with only a slight shift toward a more even distribution of resources. For example, the 80/20 split was only 18% in 2021, whereas 60/40 and 50/50 both sat three points higher at 16% apiece versus 2022's 13%.

These results back up the overall perception that organizations still put more effort into preventing intrusions than remediating them. For example, a 2021 survey by Wakefield Research, on behalf of Red Canary, Kroll, and VMware, showed that 36% of companies didn't have a detailed incident response plan in place. And last year's Strategic Security Survey by Dark Reading revealed high levels of interest in perimeter defense techniques, with 72% saying that intrusion prevention and detection measures were effective or highly effective.

Pressure from the US government and cyber insurance companies might swing the pendulum toward IR, however. Indeed, in March 2022, US President Joe Biden signed into law the Cyber Incident Reporting Act, which requires critical infrastructure industries to report intrusions quickly and act to remediate them. While that law will apply only to the 16 sectors considered critical, it points the way for other organizations looking to build an IR plan.

For more, download the whole report.