Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comSurvey Reveals Many Business Executives Lack Cybersecurity Confidence
Author: Scarinci Hollenbeck, LLC|September 8, 2015
Do you lack cybersecurity confidence? Don’t worry many Business Executives don’t understand cybersecurity confidence.
Survey Reveals Many Business Executives Lack Cybersecurity Confidence
Do you lack cybersecurity confidence? Don’t worry many Business Executives don’t understand cybersecurity confidence.
As cyber threats against U.S. businesses continue to grow, most companies have increased their investment in cybersecurity. However, according to a new survey, a number of high-level business executives revealed they did not possess much cybersecurity confidence.
The March 2015 survey polled 100 security executives, 19 percent of which were at either the CISO/CSO or CIO level, regarding their cybersecurity “posture.” The term was defined to include factors such as the number of data breaches identified, how quickly responsible teams could respond, and how long critical systems were offline.
The Raytheon/Websense cybersecurity study revealed that only 31 percent of the respondents had any form of cybersecurity confidence in regards to their organizations’ security posture. The majority — 65 percent — reported that they were merely “somewhat confident.”
When asked about how well their company’s security posture was communicated to senior management, the respondents were equally as concerned. Only 28 percent felt the security metrics they used to communicate their security posture were “completely effective.” Meanwhile, 65 percent felt the metrics were only “somewhat effective.”
Why the lack of cybersecurity confidence?
The study further noted that business executives continue to rely mainly on quantitative metrics that are aimed at preventing data breaches but do little once a breach has occurred. For instance, many companies focus on alerts and incidents, which decrease in usefulness when breaches are a constant. “It is like counting mosquitos on a warm summer night,” the report quips. Meanwhile, less than 35 percent of respondents use a more informative metric, dwell time (i.e., the elapsed time from initial breach to containment), as one of their security metrics.
Given that nearly nine in ten organizations have had at least one breach and one in five had three to five breaches that resulted in a loss or compromise of data in the past year, the report argues that a new cybersecurity approach is needed that focuses on what happens in the wake of a breach as well as building stronger cybersecurity confidence among business executives.
“We know threats are going to get in so if we want to be more confident, we need to shift our thinking to qualitative metrics such as dwell time which is the elapsed time from initial breach to containment,” Ed Hammersla, president of Raytheon/Websense, said in a press statement, “Reducing the time a threat is in your network reduces damage and helps strengthen your overall security posture.”
Key Contacts
Let`s get in touch!
Related Posts
NJ OAG Enforcement Action Highlights Cyber Risks for Real Estate and Financial Companies That Failed to Protect Against Identity Theft
Are QR Codes Convenient or Risky? What Your Business Needs to Know
What’s a Credential Stuffing Cyberattack and Is Your Business Vulnerable?
Year in Review: Top Cybersecurity Law Developments in 2021
Survey Reveals Many Business Executives Lack Cybersecurity Confidence
Author: Scarinci Hollenbeck, LLC
As cyber threats against U.S. businesses continue to grow, most companies have increased their investment in cybersecurity. However, according to a new survey, a number of high-level business executives revealed they did not possess much cybersecurity confidence.
The March 2015 survey polled 100 security executives, 19 percent of which were at either the CISO/CSO or CIO level, regarding their cybersecurity “posture.” The term was defined to include factors such as the number of data breaches identified, how quickly responsible teams could respond, and how long critical systems were offline.
The Raytheon/Websense cybersecurity study revealed that only 31 percent of the respondents had any form of cybersecurity confidence in regards to their organizations’ security posture. The majority — 65 percent — reported that they were merely “somewhat confident.”
When asked about how well their company’s security posture was communicated to senior management, the respondents were equally as concerned. Only 28 percent felt the security metrics they used to communicate their security posture were “completely effective.” Meanwhile, 65 percent felt the metrics were only “somewhat effective.”
Why the lack of cybersecurity confidence?
The study further noted that business executives continue to rely mainly on quantitative metrics that are aimed at preventing data breaches but do little once a breach has occurred. For instance, many companies focus on alerts and incidents, which decrease in usefulness when breaches are a constant. “It is like counting mosquitos on a warm summer night,” the report quips. Meanwhile, less than 35 percent of respondents use a more informative metric, dwell time (i.e., the elapsed time from initial breach to containment), as one of their security metrics.
Given that nearly nine in ten organizations have had at least one breach and one in five had three to five breaches that resulted in a loss or compromise of data in the past year, the report argues that a new cybersecurity approach is needed that focuses on what happens in the wake of a breach as well as building stronger cybersecurity confidence among business executives.
“We know threats are going to get in so if we want to be more confident, we need to shift our thinking to qualitative metrics such as dwell time which is the elapsed time from initial breach to containment,” Ed Hammersla, president of Raytheon/Websense, said in a press statement, “Reducing the time a threat is in your network reduces damage and helps strengthen your overall security posture.”
