This morning, cyber exposure solution provider Tenable released their Measuring and Managing the Cyber Risks to Business Operations Report. The report, conducted by the Ponemon Institute, explores cyber exposure and business cost measurements across the world.
The Measuring and Managing the Cyber Risks to Business Operations Report also examined the effects of business-disrupting cyber events. Attacks which cause significant work process disruption or downtime qualify as business-disrupting cyber effects.
According to the Tenable and Ponemon Institute Measuring and Managing the Cyber Risks to Business Operations Report:
- 60% of enterprises globally suffered two or more business-disrupting cyber effects over the past two years.
- 91% suffered at least such event.
- Only 29% of IT and InfoSec professionals have sufficient visibility into their attack surfaces.
- 58% have inadequate cybersecurity staff for vulnerability scanning.
One of the key themes in the Tenable Measuring and Managing the Cyber Risks to Business Operations Report is the inadequate measuring of business-disrupting cyber effects. 54% of enterprises do not measure the costs of cyber risks. Of the enterprises that do measure these business costs, 62% do not report confidence in their metrics’ accuracy. A majority of enterprises state they don’t measure key performance indicators when assessing their cyber risks.
Bob Huber, Chief Security Officer at Tenable, said in a statement: “In today’s digital economy, cyber risk equates to business risk. It’s shocking to learn that organizations are suffering business-impacting cyber events yet are struggling to accurately measure the resulting financial cost.”
“This study powerfully highlights that most organizations have not implemented security metrics that reflect cybersecurity’s role as a core business function. CISOs need reliable metrics to help them make educated decisions on the allocation of resources, investments in technology and the prioritization of threats.”
Latest posts by Ben Canner (see all)
- The Top Ten Capabilities for AWS SIEM for Enterprises - May 23, 2019
- Forecast: The Gartner 2019 SIEM Magic Quadrant - May 17, 2019
- LogRhythm Releases LogRhythm Cloud—a Cloud-Based SIEM Solution - May 16, 2019