More than half of companies fail to measure the effectiveness of their cyber security
With businesses spending increasing amounts on cyber security, a new survey reveals that many of them are failing to measure the effectiveness of their investments.
The study from privileged account management specialist Thycotic found 58 percent of its 400 respondents scored a failing grade on a benchmark survey when evaluating their eﬀorts to measure their cybersecurity investments and performance against best practices.
32 percent, of companies are making business decisions and purchasing cyber security technology blindly, without any way to measure their value or effectiveness. In addition, more than 80 percent of respondents fail to include business users in making cyber security purchase decisions, nor have they established a steering committee to evaluate the business impact and risks associated with cyber security investments.
A worrying four out of five companies don't know where their sensitive data is located, or how to secure it. Two out of three companies don't fully measure whether their disaster recovery will work as planned, and a further four out of five never measure the success of security training investments. While 80 percent of breaches involve stolen or weak credentials, 60 percent of companies still don’t adequately protect privileged accounts.
These issues aren't restricted to big organizations either. The findings show that small businesses are targeted in two out of three cyberattacks, and that 60 percent of small businesses go out of business six months after a breach.
"It's really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices," says Joseph Carson, chief security scientist at Thycotic. "This report needed to be conducted to bring to light the reality of what is truly taking place so that companies can remedy their errors and protect their businesses."
You can read more about the results in the full report which is available to download from the Thycotic website.