According to an IBM study , the “vast majority” of organizations today are unprepared to respond effectively to a serious security incident. Most often, this is due to chronic resource issues and inadequate planning. · In 2019, it took organizations an average of 206 days to identify a data breach and another 73 days to contain it, a nearly 5% increase over the year before. · The total average cost of a data breach for the largest organizations was $5.11 million (about $204 per employee). For smaller organizations, the average was $2.65 million (about $3,533 per employee). The higher proportional costs for smaller firms can “hamper their ability to recover financially from the incident”. · Less than a quarter of those surveyed have a cybersecurity incident response plan (CSIRP) that is applied consistently across the entire enterprise. Another 49% say they either don’t have a CSIRP at all or that their CSIRP is informal or “ad hoc”. · Of those organizations that do have CSIRPs, more than half fail to test and maintain them on a regular basis due to ongoing team staffing issues.