Key Observations from the Cybersecurity Preparedness Benchmarking Study
Despite a strong focus on cybersecurity culture, many organizations do not believe their cybersecurity programs are fully effective. 45% of respondents reported that they needed to improve security awareness and training.
Current employees are the likely cause behind most cybersecurity breaches. Respondents reported that current employees were the likely source of 45% of data breach incidents, followed by 22% of incidents caused by hackers and 13% by former employees.
Viruses and malicious software are the most common breaches. Respondents reported that infections from viruses or malicious software accounted for 39% of all data breaches, followed by system failures or data corruption accounting for 35% of breaches.
Organizations mainly rely on cybersecurity assurances from external service providers and vendors. While 63% of respondents ensured that contracts included provisions for cybersecurity and 41% obtained the right to audit the provider’s security, only 23% actually tested the cybersecurity of their external service providers and vendors.
Most organizations do not have strategies for the emerging fields of the Internet of Things or Big Data. 90% of respondents do not have a cybersecurity strategy for the Internet of Things, and 86% do not have a strategy for Big Data.
Organizations lack confidence in their cybersecurity incident response capability. 65% of respondents reported having a formal cyber incident response plan, and 60% incorporated regulatory and government notification protocols for breaches. However, when asked if their organization was well equipped to handle a cyber breach, 51% of respondents were neutral or disagreed.
Organizations anticipate an increase in information security budgets. 54% of respondents reported that they expected an increase in their 2016 cybersecurity budget. However, 48% of respondents reported they were neutral or disagreed when asked if leadership allocated adequate budget for cybersecurity efforts.
Learn about our Benchmarking and Strategic Research Practice.
View our methodology.
Join our cyber mailing list.
View our recent cyber webinar.