75% have major security problems
In the Cybersecurity Poverty Index from RSA, the security division of EMC, 400 security professionals from 61 countries provide an assessment of their organization's security posture.
Organizations around the world still have major deficits in risk management and security systems designed to protect them from cyberattacks. How well prepared they are is independent of company size, industry or location. This is the latest finding of the Cybersecurity Poverty Index. According to EMC, two results stand out in particular: First, companies are unable to measure and assess their cyber risk. This makes it difficult or impossible to prioritize security activities. Second, the study shows that companies mainly rely on perimeter security to prevent the intrusion of attackers from the Internet. But this measure is not enough against today's security threats.
The key findings of the study are:
- 75 percent of the specialists surveyed see significant IT security risks for their company and rate their security level as too low.
- Only five percent rate their security level as outstanding.
- Almost two-thirds of respondents rate their security level as too low in all categories.
- Surprisingly, large organizations are not better protected: More than 83 percent of organizations with more than 10,000 employees are ill-prepared for today's threats, compared to 79 percent of companies with fewer than 1,000 employees.
- Two-thirds of respondents have already been victims of cyberattacks - but only 22 percent of these consider themselves better protected today than before the attack. Companies therefore have major problems in improving their systems, even if they have already had a bad experience.
- Etc.
The study, based on the NIST Cybersecurity Framework (CSF), provides insight into how organizations self-assess their own cybersecurity performance based on 18 questions, according to EMC. The answers provide insight into the five key functions of any security strategy:
- Identify: Recognize hazards and take defensive measures
- Protect: Deployment and further development of security technologies
- Detect: Detect potential threats
- Respond: Analysis of attacks and targeted response
- Recover: Recovery of affected systems
You can test your own security level here.