Report shows retail and healthcare sectors lagging behind in security
It's easy to assume that security threats hit all industry sectors equally. However, a new report by security data analysis specialists BitSight shows big differences in effectiveness and performance across four key industries.
The report looks at S&P 500 companies in the finance, utilities, retail, and healthcare sectors from April 2013 to March 2014. It includes data on the average number of security incidents, the most prevalent types of malware, and how long they take to fix.
Based on the data BitSight assigns a security rating score to each company and sector. The finance industry does best with an overall rating of 782. Although the number of incidents involving finance company networks increased over the survey period, it was quicker to detect and respond to them than other industries.
The utilities industry is also vulnerable to cyber attacks but the major players are good at protecting their internet-facing assets. The sector is highly regulated and has strong guidelines, it gets a rating of 751.
Partly thanks to last year's large scale data breaches at Target and elsewhere, the retail industry does less well. The number of security events in this sector increased by almost 200 percent over the survey period. The industry gets a rating score of 685 though the report notes that 14 of the S&P 500 retailers showed significant increase in their security ratings with a median rise of 60 points.
Bringing up the rear comes the healthcare and pharmaceuticals industry with a rating of 660. This sector saw the largest percentage increase in security incidents over the survey period. Unlike the finance and utility companies healthcare businesses don't view cyber security as a strategic business issue. The sector has also had a number of problems with theft and physical loss of laptops, servers and other devices that hold patient and personal data.
The report concludes that whilst no sector is immune to cyber attack some industries are taking the threat more seriously than others. BitSight’s CTO, Stephen Boyer says, "Effective risk management and detailed security plans are becoming selling points, making information security a competitive differentiator".
For more information on the report and how to reduce your security risk visit the BitSight website.