Companies Not Confident They Can Secure Data, Foil Attacks
A new survey finds information-security capabilities are still not well developed and suggests that more mature teams may be less confident.Corporate information-security executives and managers lack confidence in their company's ability to fend off cyber-attacks and protect their customer and business data, according to a survey published on June 9 by security firm RSA. About three-quarters of the 400 companies polled by RSA considered their overall information-security capabilities to be average or below average, the company stated. The survey, which RSA branded as a Cybersecurity Poverty Index, found that about four out of every 10 companies considered their security program to be "functional"—the average rating—rather than "developed" or "advantaged"—the two higher ratings. Business size did not appreciably impact companies' ratings of their capabilities, with 83 percent of large companies and 79 percent of small companies considering their overall security to be "average," "deficient," or "negligent." "Relative to where people think they need to be, they are falling short," Zully Ramzan, CTO for RSA, told eWEEK. "The goal is, over time, to improve the index and have a baseline in place where people can compare their relative maturities."
The research used an 18-question survey to gauge whether companies have the capabilities suggested by the Cybersecurity Framework, an effort by the U.S. National Institute of Standards and Technology to create guidelines for cyber-security programs. RSA researchers hoped to measure the relative maturity of information-security programs at a variety of companies and create an overall index to benchmark companies and industries.