Survey Says 75% of Companies Worldwide Face ‘Significant Risk Exposure’

Nearly three-quarters of companies worldwide are facing significant cybersecurity risk exposure, according to RSA’s Inaugural CyberSecurity Poverty Index report.

RSA characterizes the report as “the result of an annual maturity self-assessment completed by organizations of all sizes, industries, and geographies across the globe.” The assessment, which was created using the NIST Cybersecurity Framework (CSF), was completed by more than 400 security professionals across 61 countries.

The cybersecurity company conducted the survey with the stated goals of providing a measure of the risk management and security capabilities of the global population and giving organizations a way to benchmark their capabilities against peers.

Respondents were ranked on a five-point scale along the following lines: 1 – Negligent, 2 – Deficient, 3 – Functional, 4 – Developed, and 5 – Advantaged.

As noted above, overall survey results found that nearly 75 percent of respondents face significant cybersecurity risk exposure and had their overall capabilities ranked below the developed category. Out of over 400 companies surveyed, only five percent were ranked for advanced capabilities.

The report also found that the size of an organization is not an adequate indication of its security maturity: 83 percent of organizations with more than 10,000 employees indicated that they are unprepared to face modern security threats, compared to 68 percent of organizations with 1,000-10,000 employees and 79 percent of those with fewer than 1,000 employees.

The research demonstrates a widespread feeling of unpreparedness in enterprise-level businesses worldwide, says Amit Yoran, President of RSA. “Enterprises continue to pour vast amounts of money into next-generation firewalls, anti-virus, and advanced malware protection in the hopes of stopping advanced threats,” Yoran said in a prepared statement. Yoran suggests that organizations acknowledge that focusing on prevention alone is “a failed strategy,” and shift their focus to a strategy based on threat detection and adequate response.

You can read the report in its entirety here.

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.