Sixty percent of organizations globally have suffered two or more business-disrupting cyber events, such as attacks causing data breaches or significant disruption to business operations in the last 24 months. More than 90 percent of the survey’s respondents suffered at least one such event during the same time period.
This information comes from the “Measuring and Managing the Cyber Risks to Business Operations Report” conducted by Ponemon Institute and Tenable, a Maryland-based cybersecurity vendor.
The study also found that the majority of organizations (54 percent) are not measuring, and therefore don’t understand, the business costs of cyber risk, thereby impacting their abilities to make risk-based business decisions backed by accurate and quantifiable metrics.
Of those organizations that measure the business costs of cyber risk, 62 percent are not confident their metrics are actually accurate. Thus, decisions about the allocation of resources, investments in technologies and the prioritization of threats are being made without critical information — such as the costs of IP theft, loss of revenue or loss of productivity.
“It’s shocking to learn that organizations are suffering business-impacting cyber events yet are struggling to accurately measure the resulting financial cost,” said Bob Huber, CSO of Tenable. “This study powerfully highlights that most organizations have not implemented security metrics that reflect cybersecurity’s role as a core business function. CISOs need reliable metrics to help them make educated decisions on the allocation of resources, investments in technology and the prioritization of threats.”
The survey was completed by 2,410 IT and security professionals in the United States, United Kingdom, Germany, Australia, Mexico, and Japan. All respondents have a role in the evaluation and/or management of investments in cybersecurity solutions within their organization.
The data suggest that channel professionals with reliable means of accurate measurement have a competitive advantage in gaining customer confidence and subsequent sales contracts.