Palo Alto Networks/IDC
Management level becomes more important for cyber resilience maturity
A recent study by Palo Alto Networks and IDC shows that there is a consensus among 735 companies surveyed in EMEA and LATAM about the crucial importance of cyber resilience for companies: The influence of the management level is becoming more important.
A new study by IDC and Palo Alto Networks on the maturity of cyber resilience shows that the influence of senior management is becoming increasingly important, though not necessarily that of CISOs.
- 72 percent of all respondents stated that members of senior management are the main driving force behind the focus on cyber resilience. Only 17 percent of them attribute overall responsibility to the Chief Information Security Officer (CISO). 29 percent of respondents consider the Chief Information Officers (CIOs) to be responsible, while 22 percent consider the Chief Technology Officers (CTOs) to be responsible and 19 percent the heads of the business units.
- In the DACH region, the CISOs are given the greatest responsibility.
- 38 percent of CISOs in EMEA and LATAM believe that their cyber resilience is mature.
- Only 40 percent of companies in EMEA and LATAM believe they can survive a cyberattack without major disruption.
Challenges during implementation
Although 78 percent of companies in EMEA and LATAM recognize the importance of cyber resilience, only 38 percent of companies surveyed in DACH see the topic as a priority. In addition, the shortage of skilled workers and the lack of new security technologies prevent aspirations and reality from coinciding in the implementation of cybersecurity measures. Companies also cite a lack of integration options between different products as a challenge when implementing cybersecurity solutions.
The study also points to a number of technological challenges:
- The use of mature cybersecurity controls for cyber resilience is at only 11 percent among respondents in EMEA and LATAM.
- Most organizations rely on business continuity plans (74 percent), disaster recovery plans (72 percent), ransomware recovery plans (54 percent) and crisis management strategies (51 percent).
- In the DACH region, only 15 to 19 percent of CISOs regularly test their recovery plans. This is well below the average for all countries surveyed (28 percent) and shows the discrepancy between the intention and execution of cybersecurity measures.
Klaus Bürg, VP & Managing Director EMEA at Palo Alto Networks, says: "Many organizations do not yet have the resources to implement cyber resilient threat defense technology. Instead, they must rely heavily on tactics such as disaster recovery, which are designed to respond to incidents rather than prevent them. This leaves organizations exposed to more threats and unable to plan for future risks."
Investments in new technologies should help bridge the gap between cyber strategy and execution. According to the results of the study, companies in the DACH region are focusing their investments on cloud and network security - the biggest attack vectors at present. Bürg would also like to see a cultural change: "The 'culture of cyber awareness' is the most important element of cyber resilience, which must be located at board level and work top-down. Then the right technology will determine the success of the cyber resilience strategy," he concludes.













