IT disaster recovery, cloud computing and information security news

Most companies fail to measure cybersecurity effectiveness and performance

Thycotic has released its first annual 2017 State of Cybersecurity Metrics Report, an analysis of key findings from Thycotic's Security Measurement Index (SMI), a benchmark survey of more than 400 global business and security executives.

According to the 2017 Report, 58 percent of the 400 respondents in the survey scored an "F" or "D" grade when evaluating their organization's efforts to measure their cybersecurity investments and performance against best practices.

"It's really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices," said Joseph Carson, chief security scientist at Thycotic.

With companies and governments around the world spending more than $100 billion a year on cybersecurity, a substantial number of companies, 32 percent, are making business decisions and purchasing cybersecurity technology blindly. Even more disturbing, more than 80 percent of respondents fail to include business users in cybersecurity purchase decisions and have not established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.

Additional key findings from the 2017 State of Cybersecurity Metrics Report include:

  • One in three companies invests in cybersecurity technologies without any way to measure their value or effectiveness.
  • Four out of five companies don't know where their sensitive data is located or how to secure it.
  • Four out of five companies fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
  • Two out of three companies don't fully measure whether their disaster recovery will work as planned.
  • Four out of five never measure the success of security training investments.
  • While 80 percent of breaches involve stolen or weak credentials, 60 percent of companies still do not adequately protect privileged accounts - their keys to the kingdom.
  • Small businesses are targeted in two out of three cyber attacks.

Download the 2017 State of Cybersecurity Metrics Report (registration required).


