Survey finds companies are still not prepared for major security incidents
They say you never miss something until it's gone. That's especially true when it comes to corporate networks. And with outage incidents on the rise, top executives at most companies are now focusing on major incident management as they never did before.
That's the finding of a newly released survey of 400 IT professionals at large companies, conducted by the research firm Dimensional Research on behalf of the cloud communications company xMatters. The vast majority of survey respondents, 82 percent, reported that they and the C-Suite are in alignment when it comes to dealing with major incidents. Perhaps top executives are now focusing on incidents because there are so many of them. In the survey, 90 percent of respondents reported incidents several times a year, and 60 percent said they had major incidents every month.
But although incidents are more frequent, most companies still aren't well prepared to deal with them. Only 52 percent of respondents had a dedicated response team in place to deal with incidents and only 44 percent had dedicated staff members for whom incident resolution was a full-time job. At the same time, respondents admitted, their IT organizations were not up to snuff on preventing or managing outages. Of the respondents who have service level agreements (SLAs) their departments are supposed to meet, 75 percent reported failing to meet them. And of those who have target incident resolution times for solving IT problems, 76 percent reported that they frequently fail on those metrics as well.
As in many situations, communication matters almost more than service, the survey found. More than half of respondents reported that business stakeholders were more frustrated by a lack of timely communication about an incident than they were by the incident itself.
Nobody likes an outage, and it appears we're having too many of them. Smart CIOs should respond by exploring the possibility of creating a dedicated response team. And whatever you do, make sure communications are open, immediate, and clear when something goes wrong.