Most Companies Failing to Measure Cybersecurity Effectiveness and Performance

July 27, 2017

More than half of respondents to a survey scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

The 2017 State of Cybersecurity Metrics Report said that lobal companies and governments spend more than $100 billion a year on cybersecurity defenses, yet a substantial number, 32 percent, of companies are making business decisions and purchasing cyber security technology blindly. Even more disturbing, more than 80 percent of respondents fail to include business users in making cyber security purchase decisions, nor have they established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.

Additional key findings from the report include:

One in three companies invest in cybersecurity technologies without any way to measure their value or effectiveness.
Four out of five companies don’t know where their sensitive data is located, or how to secure it.
Four out of five fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
Two out of three companies don’t fully measure whether their disaster recovery will work as planned.
Four out of five never measure the success of security training investments.
While 80 percent of breaches involve stolen or weak credentials, 60 percent of companies still do not adequately protect privileged accounts---their keys to the kingdom.

Small businesses are targeted in two out of three cyberattacks.
Sixty percent of small businesses go out of business six months after a breach.

https://thycotic.com/resources/cybersecurity-metrics-report-2017/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Most Companies Failing to Measure Cybersecurity Effectiveness and Performance

Related Articles

Related Products

Report Abusive Comment