201-896-4100 info@sh-law.com

Survey Reveals Many Business Executives Lack Cybersecurity Confidence

Author: Scarinci Hollenbeck|September 8, 2015

Do you lack cybersecurity confidence? Don’t worry many Business Executives don’t understand cybersecurity confidence.

Survey Reveals Many Business Executives Lack Cybersecurity Confidence

Do you lack cybersecurity confidence? Don’t worry many Business Executives don’t understand cybersecurity confidence.

As cyber threats against U.S. businesses continue to grow, most companies have increased their investment in cybersecurity. However, according to a new survey, a number of high-level business executives revealed they did not possess much cybersecurity confidence.

The March 2015 survey polled 100 security executives, 19 percent of which were at either the CISO/CSO or CIO level, regarding their cybersecurity “posture.” The term was defined to include factors such as the number of data breaches identified, how quickly responsible teams could respond, and how long critical systems were offline.

The Raytheon/Websense cybersecurity study revealed that only 31 percent of the respondents had any form of cybersecurity confidence in regards to their organizations’ security posture. The majority — 65 percent — reported that they were merely “somewhat confident.”

When asked about how well their company’s security posture was communicated to senior management, the respondents were equally as concerned. Only 28 percent felt the security metrics they used to communicate their security posture were “completely effective.” Meanwhile, 65 percent felt the metrics were only “somewhat effective.”

Why the lack of cybersecurity confidence?

The study further noted that business executives continue to rely mainly on quantitative metrics that are aimed at preventing data breaches but do little once a breach has occurred. For instance, many companies focus on alerts and incidents, which decrease in usefulness when breaches are a constant. “It is like counting mosquitos on a warm summer night,” the report quips. Meanwhile, less than 35 percent of respondents use a more informative metric, dwell time (i.e., the elapsed time from initial breach to containment), as one of their security metrics.

Given that nearly nine in ten organizations have had at least one breach and one in five had three to five breaches that resulted in a loss or compromise of data in the past year, the report argues that a new cybersecurity approach is needed that focuses on what happens in the wake of a breach as well as building stronger cybersecurity confidence among business executives.

“We know threats are going to get in so if we want to be more confident, we need to shift our thinking to qualitative metrics such as dwell time which is the elapsed time from initial breach to containment,” Ed Hammersla, president of Raytheon/Websense, said in a press statement, “Reducing the time a threat is in your network reduces damage and helps strengthen your overall security posture.”

Survey Reveals Many Business Executives Lack Cybersecurity Confidence

Author: Scarinci Hollenbeck

As cyber threats against U.S. businesses continue to grow, most companies have increased their investment in cybersecurity. However, according to a new survey, a number of high-level business executives revealed they did not possess much cybersecurity confidence.

The March 2015 survey polled 100 security executives, 19 percent of which were at either the CISO/CSO or CIO level, regarding their cybersecurity “posture.” The term was defined to include factors such as the number of data breaches identified, how quickly responsible teams could respond, and how long critical systems were offline.

The Raytheon/Websense cybersecurity study revealed that only 31 percent of the respondents had any form of cybersecurity confidence in regards to their organizations’ security posture. The majority — 65 percent — reported that they were merely “somewhat confident.”

When asked about how well their company’s security posture was communicated to senior management, the respondents were equally as concerned. Only 28 percent felt the security metrics they used to communicate their security posture were “completely effective.” Meanwhile, 65 percent felt the metrics were only “somewhat effective.”

Why the lack of cybersecurity confidence?

The study further noted that business executives continue to rely mainly on quantitative metrics that are aimed at preventing data breaches but do little once a breach has occurred. For instance, many companies focus on alerts and incidents, which decrease in usefulness when breaches are a constant. “It is like counting mosquitos on a warm summer night,” the report quips. Meanwhile, less than 35 percent of respondents use a more informative metric, dwell time (i.e., the elapsed time from initial breach to containment), as one of their security metrics.

Given that nearly nine in ten organizations have had at least one breach and one in five had three to five breaches that resulted in a loss or compromise of data in the past year, the report argues that a new cybersecurity approach is needed that focuses on what happens in the wake of a breach as well as building stronger cybersecurity confidence among business executives.

“We know threats are going to get in so if we want to be more confident, we need to shift our thinking to qualitative metrics such as dwell time which is the elapsed time from initial breach to containment,” Ed Hammersla, president of Raytheon/Websense, said in a press statement, “Reducing the time a threat is in your network reduces damage and helps strengthen your overall security posture.”

Firm News & Press Releases