Failure to measure Cybersecurity
According to the 2017 State of CyberSecurity Metrics Report, global companies and governments spend on cyber security more then a hundred billion dollars while 32 percent of the companies are purchasing security technology blindly. On top of that, the more shocking discovery is that 80 percent of the respondents stated that they do not involve business users in cyber security purchases. In addition, more then half of the respondents scored either a “D” or an “F” in terms of their efforts to measure cyber security performance and investments against best practices.
Additional key findings from the report include:
- One in three companies invest in cybersecurity technologies without any way to measure their value or effectiveness.
- Four out of five companies don’t know where their sensitive data is located, or how to secure it.
- Four out of five fail to communicate effectively with business stakeholders and include them in cybersecurity investment decisions.
- Two out of three companies don’t fully measure whether their disaster recovery will work as planned.
- Four out of five never measure the success of security training investments.
- While 80 percent of breaches involve stolen or weak credentials, 60 percent of companies still do not adequately protect privileged accounts—their keys to the kingdom.
- Small businesses are targeted in two out of three cyberattacks.
- Sixty percent of small businesses go out of business six months after a breach.