When it comes to IT security readiness, progressive companies averaged 24 percent sales growth during the past three years, compared to 6 percent for passive organizations.

That’s according to AT&T’s new report, The CEO’s Guide to Cyberbreach Response. During one recent 12-month period, AT&T logged more than 245,000 Distributed Denial of Service (DDoS) alerts across its global data network.

In the report, AT&T reveals that in 2015, 62 percent of organizations reported having a security breach, while 66 percent of companies said they do not have an effective incident-response plan in place. On a global scale, AT&T sees roughly 30 billion malicious scans and 400 million spam messages on its IP network per day.

Jason Porter, AT&T vice president of security solutions, tells Channel Partners that every piece of the ecosystem should have plans and protections in place to help keep an organization safe.

“This report can help solution providers better understand what to think through when helping their business customers plan and prepare for a potential security incident,” he said. “It’s important that every organization prepare a plan for a security incident before it happens, and the channel can add tremendous value in helping their business customers develop a cybersecurity response plan. The first step is to develop a cross-functional team, which should include the business customer’s senior leadership, legal, internal security and IT experts, communications teams, and any additional third-party consultants or experts as appropriate.”{ad}

More business and IT leaders are accepting the grim reality that either DDoS or emerging strains of ransomware will be successful, according to the report.

“Our most important finding is that 62 percent of companies reported that they experienced a breach in the past year,” Porter said. “With this in mind, the fact that only 34 percent of organizations do not yet have a proper incident response plan in place, was the most surprising.”

The report identifies four types of organizations: progressive, with the highest level of preparedness; proactive, with above-average levels of security; reactive, with below average levels of readiness; and passive, the least-prepared organizations run by executives who take a hands-off stance.

Seventy-four percent of the best-prepared organizations have a sophisticated and comprehensive program in place that assesses their breach response capabilities and includes a clear plan for diagnosis, response, forensics and remediation, according to AT&T.

Progressive companies saw their profit margin grow by 20 percent, compared to 3 percent for passive companies; and their customer satisfaction increased 22 percent, compared to 2 percent for those that are passive.

Every progressive organization in the report has invested in …

{vpipagebreak}

… forensic tools, compared with just 28 percent of passive companies.

Successful incident response programs begin well before a breach occurs, and should be built as part of a broader business continuity strategy. Along with the tools and systems required to identify and respond to breaches, an incident-response program requires two core components:

Progressive organizations, according to the report, share several key qualities. For example, C-level executives at progressive companies understand they are targets of breaches, helping them to take a more pragmatic approach to incident planning and response.

In addition, they are more likely to focus as much on readiness assessments and diagnosis planning as they do on post-breach diagnosis and response; and they perform near constant security reviews and use third-party service providers to supplement the bandwidth of their internal security teams.

“Businesses of all shapes and sizes should make security a part of every business decision,” Porter said. “The first step to do so should be planning for a security incident. In 2015, security incidents caused major enterprises an average of 23 hours of downtime. SMBs averaged nearly 14 hours of downtime. This kind of disruption can translate into lost revenue and a damaged brand reputation that a plan could have helped prevent.”

Preparation is the key to a robust breach response. To ensure that your organization can react quickly and limit damage, you should: