RSA characterizes the report as “the result of an annual maturity self-assessment completed by organizations of all sizes, industries, and geographies across the globe.” The assessment, which was created using the NIST Cybersecurity Framework (CSF), was completed by more than 400 security professionals across 61 countries.
The cybersecurity company conducted the survey with the stated goals of providing a measure of the risk management and security capabilities of the global population and giving organizations a way to benchmark their capabilities against peers.
Respondents were ranked on a five-point scale along the following lines: 1 – Negligent, 2 – Deficient, 3 – Functional, 4 – Developed, and 5 – Advantaged.
As noted above, overall survey results found that nearly 75 percent of respondents face significant cybersecurity risk exposure and had their overall capabilities ranked below the developed category. Out of over 400 companies surveyed, only five percent were ranked for advanced capabilities.
The report also found that the size of an organization is not an adequate indication of its security maturity. 83 percent of organizations with more than 10,000 employees indicated that they are unprepared to face modern security threats, compared to 68 percent of organizations with 1,000-10,000 employees, and 79 percent of those with fewer than 1,000 employees.
The research demonstrates a widespread feeling of unpreparedness in enterprise-level businesses worldwide, says Amit Yoran, President of RSA. “Enterprises continue to pour vast amounts of money into next-generation firewalls, anti-virus, and advanced malware protection in the hopes of stopping advanced threats,” Yoran said in a prepared statement. Yoran suggests that organizations acknowledge that focusing on prevention alone is “a failed strategy,” and shift their focus to a strategy based on threat detection and adequate response.
You can read the report in its entirety here.