Organisations failing to measure cybersecurity effectiveness » Charity Digital News

Organisations failing to measure cybersecurity effectiveness

Charities are being encouraged to measure the effectiveness of their cyber security investment after new research suggested organisations are failing to check if they’re spending money well.

Thycotic’s first annual 2017 State of Cybersecurity Metrics Report found that more than half respondents in the survey (58%), scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.

The survey, which analyses key findings from a Security Measurement Index (SMI) benchmark, is based on internationally accepted standards for security embodied in ISO 27001, as well as best practices from industry experts and professional associations.

With global companies and governments spending more than $100 billion a year on cybersecurity defences, a substantial number, 32% of companies are making business decisions and purchasing cyber security technology blindly. Even more disturbing, more than 80% of respondents fail to include business users in making cybersecurity purchase decisions, nor have they established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.

Additional key findings from the report include:

• One in three companies invest in cybersecurity technologies without any way to measure their value or effectiveness.
• Four out five companies don’t know where their sensitive data is located, and how to secure it.
• Four out of five fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
• Two out of three companies don’t fully measure whether their disaster recovery will work as planned.
• Four out of five never measure the success of security training investments.
• While 80% of breaches involve stolen or weak credentials, 60% of companies still do not adequately protect privileged accounts—their keys to the kingdom.
• Small businesses are targeted in two out of three cyberattacks.
• Sixty percent of small businesses go out of business six months after a breach.

“It’s really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices,” said Joe Carson, Chief Security Scientist at Thycotic. “This report needed to be conducted to bring to light the reality of what is truly taking place so that companies can remedy their errors and protect their businesses.

“We put out this report not only to show the errors that are being made, but also to educate those who need it on how to improve in each of the areas that are lacking. “Our report provides recommendations associated with better ways to educate, protect, monitor and measure so that improvements can be implemented.”

To download the full 2017 State of Cybersecurity Metrics Report and view all the findings from the Security Measurement Index benchmark survey, click here.

Related reading

Coworkers Team Modern Office Place.Account Managers Work New Business Idea Startup Presentation.Woman Touching Hand Digital Tablet Screen.Desktop Computer Wood Table.Blurred,Film Effect.Horizontal