94% of organizations experienced at least one business-impacting cyberattack in the past year

August 6, 2020

Tenable®, Inc. released a study that revealed the vast majority of organizations (94 percent) have experienced a business-impacting cyberattack in the past 12 months, according to both business and security executives. The data is drawn from ‘The Rise of the Business-Aligned Security Executive,’ a commissioned study of more than 800 global business and cybersecurity leaders conducted by Forrester Consulting on behalf of Tenable.

Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. But only four out of 10 security leaders say they can answer the fundamental question, “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyberattacks. Fewer than 50 percent of security leaders said they are framing cybersecurity threats within the context of a specific business risk. For example, though 96 percent of respondents had developed response strategies to the COVID-19 pandemic, 75 percent of business and security leaders admitted their response strategies were only “somewhat” aligned.

Organizations with security and business leaders who are aligned in measuring and managing cybersecurity as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders are:

Eight times more likely to be highly confident in their ability to report on their organizations’ level of security or risk.
- 90 percent are very or completely confident in their ability to demonstrate that cybersecurity investments are positively impacting business performance compared with 55 percent of their siloed counterparts.
- 85 percent have metrics to track cybersecurity ROI and impact on business performance versus just 25 percent of their siloed peers.
Organizations with business-aligned cybersecurity leaders are also:
- Three times more likely to ensure cybersecurity objectives are in lock step with business priorities.
- Three times more likely to have a holistic understanding of their organization’s entire attack surface.
- Three times more likely to use a combination of asset criticality and vulnerability data when prioritizing remediation efforts.

“In the future, there will be two kinds of CISO -- those who align themselves directly with the business and everyone else. The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment,” said Renaud Deraison, Chief Technology Officer and co-founder, Tenable. “We believe this study shows that forward-leaning organizations view cybersecurity strategy as essential to innovation and that when security and the business work hand-in-glove, the results can be transformational.”

To read the full study, visit https://www.tenable.com/analyst-research/forrester-cyber-risk-report-2020.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

94% of organizations experienced at least one business-impacting cyberattack in the past year

Related Articles

Related Products

Related Events

Report Abusive Comment