Majority of Companies Are Failing at Cyber Security Metrics and Investing Blindly

Thycotic has released the research results from its Security Measurement Index survey. The resulting “2017 State of Cyber Security Metrics Annual Report“ identifies how companies worldwide are measuring the effectiveness and success of their cyber security strategy.

The report is far from comforting

Companies and governments world-wide are often just one click or one password away from being hacked and held to ransom to the tune of thousands–and sometimes millions–of dollars, for the return of their sensitive and critical data. Whether it’s medical research, pharmaceutical or logistic information, or financial details, companies are walking on thin ice when it comes to cyber security. Even worse, they have no systems in place to gauge whether or not their cyber security strategies are actually working for them.

Investing in cyber security with little more than high hopes

The report reveals that more than half of companies are failing when it comes to evaluating cyber security investments and performance against well-known standards and best practices.

80% of companies’ leaders and executives are not happy with the cyber security metrics from which they have to make critical business decisions.

Eighty percent of companies’ leaders and executives are not happy with the cyber security metrics from which they have to make critical business decisions, and, as a result, these companies invest blindly in cyber security technologies with nothing more than high hopes that they’ll work.

One way of viewing the matter is in numbers

Numbers are critical components of our digital world. They enable us to mathematically track, count, measure, label and value the world in which we conduct our lives. It is bits and bytes that make our connected world function, determine how data gets from one place to another, and shape how we measure progress. And numbers are key to tracking business value and risk: two critical key metrics when determining how much cyber security we need to protect our businesses and reduce the risk of breaches that threaten our privacy and commerce. Thycotic’s survey was designed to directly address how we measure the success of our defense against cyber threats.

37% of respondents … were unable to measure how effectively they are preventing and reducing their risk of cyber attacks.

While some of the results are truly shocking, others will leave you less surprised as to why cyber security attacks are so successful. But what is perfectly clear is that companies will need to do more to ensure they protect and secure the data that makes them successful.

• 37% of respondents lacked any visibility into cyber security metrics, and were unable to measure how effectively they are preventing and reducing their risk of cyber attacks.
• 32% of companies are investing in cyber security blindly and without a strategic plan.
• 80% of companies had no idea where their sensitive data is located or whether it is secure.

What are some of the cyber security challenges companies are facing today?

Sometimes cyber security is simply too complex. Many companies have invested in technologies that claim to solve all the problems. However, when it comes to getting them working. the these technologies are so complex that proper installation takes years—and that’s even before they get integrated into existing cyber security investments.  When a platform’s documentation is hundreds of pages long and it takes highly skilled resources to ensure it’s working, it becomes clear why the industry is short of cyber security professionals.

The reasons companies are failing in cyber security include:

• Inadequate resources
• Not enough time
• Lack of knowledge
• The solution is too expensive

These are the key problems, and they must be solved in order for companies to be secure.

So, what is a company to do?

Given these constraints, cyber security solutions need to automate processes and simplify the management required to deploy and maintain. Complex, manual, labor-intensive solutions can not only impede productivity but can actually increase risks to the organization if they are not embraced by the staff that must use them on a regular basis.

For cyber security solutions to be successful they need to be automated, they need to be simple—not complex, they must not require highly skilled professionals to implement them–and they must be cost effective and add value to the company.

Is the cyber security of your company, small or large, important to you?

If cyber security is important to your company, then it’s time to make sure you are in complete control of your cyber security metrics. Have the critical data you need to make the right cyber security decisions, and implement a cyber security strategy that is right for your business.

Download the full 2017 State of Cyber Security Metrics Annual Report here.

Joseph Carson is a Cyber Security Professional with 20+ years’ experience in Enterprise Security & Infrastructure. Joseph is a Certified Information Systems Security Professional (CISSP). An active member of the Cyber Security community and a frequent speaker at Cyber Security events globally, Joseph is also an adviser to several cyber security conferences.

Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.