63 percent of American security practitioners don’t report to their C-Suite board on a regular basis. In fact, 40 percent say they don’t report at all. Continuous security validation provider AttackIQ, working with the Ponemon Institute, discovered these findings in a survey of 577 IT practitioners. You can read it here.
Additionally, AttackIQ and Ponemon Institute also learned:
- 69 percent of American security practitioners say their enterprise security focuses on reactions and incidents.
- 63 percent say their IT security leadership needs better monitoring tools to improve their communication and security infrastructure effectiveness.
- Also, 56 percent report their IT security infrastructure suffers from coverage gaps.
- Simultaneously, only 24 percent of respondents say they have a mature measurement program for their cybersecurity.
- 40 percent of respondents say they do not qualify and track the company IT security posture at all.
Some Comments on The Security Practitioners Survey
Representatives from both the Ponemon Institute and AttackIQ commented on the discoveries in their survey.
First, Larry Ponemon—founder and chairman of Ponemon Institute—shared his thoughts. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it sends the message that cybersecurity is not a mission-critical issue.”
“The board of directors and C-suite typically come under fire when their organization suffers a data breach or other security incident, and therefore must be involved in enforcing a proactive approach to identifying and remediating security gaps.”
Meanwhile, Brett Galloway—CEO of AttackIQ—offered his comments. “Data breaches and other security incidents continue to plague enterprises, shining a light on the need for companies to shift to a proactive approach to ensuring a strong security posture.”
You can read more about the security practitioners survey from AttackIQ and Ponemon Institute here. Also, you can read our 2019 SIEM Buyer’s Guide here for more on the top vendors and their key capabilities; our SIEM Vendor Map can provide other crucial data.