New RSA Breach Readiness Survey Finds Majority Not Prepared

SBIC serves as Best Practices Benchmark while 57% of industry at large never update or review Incident Response plans


  • Latest RSA Breach Readiness Survey results highlight best practices from the Security for Business Innovation Council (SBIC)
  • RSA's survey compares SBIC results to 170 respondents in 30 countries
  • Results of general population indicate 1 out of 3 surveyed do not have a formal incident response plan
  • Of the non-SBIC respondents that do have formal incident response plans, 57% indicated that they never update or review their plans

BEDFORD, MA, APRIL 7, 2015 - Today, RSA, The Security Division of EMC (NYSE: EMC), released the results of a new global breach readiness survey that covered thirty countries and compared those global results with a survey of the Security for Business Innovation Council (SBIC), a group of top security leaders from the Global 1000. Using the SBIC as a benchmark, the results suggest that the majority of organizations are not following incident response best practices and are not well prepared to face the challenges of today's advanced cyber threats. The survey report provides quantitative insights into real-world security practices and highlights gaps in technology and procedure as well as prescriptive advice from the SBIC for how to best close those gaps.

The survey focused on measures within four major areas of breach readiness and response: Incident Response, Content Intelligence, Analytic Intelligence, and Threat Intelligence. The results suggest that organizations continue to struggle with the adoption of technologies and best practices that will allow them to more effectively detect, respond to, and disrupt the cyberattacks that turn into damaging breaches.

Incident response is a core capability that needs to be developed and consistently honed to effectively face the increasing volume of cyberattack activity. The survey results indicate that while all leading-edge SBIC members have developed an incident response function, 30% of at-large organizations surveyed do not have formal incident response plans in place. Furthermore, of those who do have a plan, 57% admit to never updating or reviewing it.

Content Intelligence in the survey measured awareness gained from tools, technology and processes in place to identify and monitor critical assets. While all SBIC members have a capability to gather data and provide centralized alerting, 55% of the general survey population lacks this capability, rendering them blind to many threats. Identifying false positives still proves a difficult task. Only 50% of the general respondents have a formal plan in place for identifying false positives, while over 90% of SBIC members have automated cyber-security technologies and a process to update information to reduce the chances of future incidents.

Most organizations recognize that basic log collection through SIEM systems only provides partial visibility into their environment. In the general survey, 72% of survey participants have access to malware or endpoint forensics; however, only 42% of survey participants have capabilities for more sophisticated network forensics, including packet capture and net flow analysis.

External threat intelligence and information sharing is also a key activity for organizations to stay up-to-date on attackers' current tactics and motives. The survey results indicated that only 43% of the survey participants at large are leveraging an external threat intelligence source to supplement their efforts. Finally, attackers continue to exploit known but unaddressed vulnerabilities in damaging breaches. Despite this common knowledge, the survey found that 40% of the general population does not have an active vulnerability management program in place, making it more challenging to keep their security programs ahead of attackers.


Dave Martin, Chief Trust Officer, RSA, The Security Division of EMC
“Organizations are struggling to gain visibility into operational risk across the business. As business has become increasingly digital, information security has become a key area of operational risk and while many organizations may feel they have a good handle on their security, it is still rarely tied in to a larger operational risk strategy, which limits their visibility into their actual risk profile.”

Ben Doyle, Chief Information Security Officer, Thales Australia and New Zealand
“People and process are more critical than the technology as it pertains to incident response. First, a security operations team must have clearly defined roles and responsibilities to avoid confusion at the crucial hour. But it is just as important to have visibility and consistent workflows during any major security crisis to assure accountability and consistency and help organizations improve response procedures over time.”


The Security for Business Innovation Council is a group of top security leaders from Global 1000 enterprises committed to advancing information security worldwide by sharing their diverse professional experiences and insights. The Council produces periodic reports and digital content that explores information security's central role in enabling business innovation.



EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at


RSA’s Intelligence Driven Security solutions help organizations reduce the risks of operating in a digital world. Through visibility, analysis, and action, RSA solutions give customers the ability to detect, investigate and respond to advanced threats; confirm and manage identities; and ultimately, prevent IP theft, fraud and cybercrime. For more information, please visit