BRG Releases Cybersecurity Preparedness Benchmarking Study

September 8, 2016

BRG released today its Cybersecurity Preparedness Benchmarking Study, detailing findings about cybersecurity practices from a survey of leading global organizations. The study focuses on six primary topics: Leadership, Information Governance, Risk Management, Essential Protection, Incident Response and Security Culture. BRG teamed with the Institute of Operational Risk to conduct the survey in the first two quarters of 2016.

Respondents provided views on the state of their organizations’ cybersecurity preparedness, upcoming trends, and information on matters such as the role of the board, the executive and senior management and, where chief information security officers (CISOs) exist, their degree of influence and reporting line within the organizational structure.

“Our findings highlight a number of shortcomings in current practices and opportunities for organizations to improve their cybersecurity programs,” said Faisal Amin, BRG’s Director of Strategic Benchmarking. “Strong cyber governance, supported through independent benchmarking, ensures organizations have a systematic and proactive approach to managing prevailing and emerging cyber threats. It also ensures that cyber risks are appropriately considered and managed at all levels within an organization.”

“We are very pleased to work with BRG on such an important initiative. Every day, our members are managing operational risk, including cyber risk, within their respective risk management frameworks,” said George Clark, Chair of IOR. “Uniquely, this study provides real-world insights on the relative strengths and weaknesses of organizations. We believe this greatly informs the debate on how to improve organizational readiness.”

Key findings include:

  • Despite a strong focus on cybersecurity culture, many organizations do not believe their cybersecurity programs are fully effective.
  • Current employees are the likely cause behind most cybersecurity breaches.
  • Viruses and malicious software are the most common breaches.
  • Organizations mainly rely on cybersecurity assurances from external service providers and vendors. Most organizations do not have strategies for the emerging fields of the “Internet of Things” or “Big Data.”
  • Organizations lack confidence in their cybersecurity incident response capability.
  • Organizations anticipate an increase in information security budgets.

BRG will present the study findings at international conferences and events beginning with the IOR London on 9 September. Find out more regarding the study and its findings.

Study Contacts

BRG: Faisal Amin and Phil Rowley

IOR: George Clark and Alan Dunk

