In 2016, Tenable Network Security introduced its groundbreaking Global Cybersecurity Assurance Report Card to measure the attitudes and perception of 504 enterprise IT security practitioners across the globe. The report quantifies how security professionals rate their enterprise’s ability to both assess cybersecurity risks and mitigate threats. These scores were combined to produce a report card score on global cybersecurity status — whether or not the world’s cyber defenses are meeting expectations.
Reduced Confidence in Global Cyber Readiness
The 2017 Tenable Network Security Global Cybersecurity Assurance Report Card updates the 2016 findings. Tenable surveyed 700 security practitioners, assigning indices and grades based by country and industry. The data reflects an overall decline in perceptions of global cyber readiness, fueled by a pronounced inability to assess and mitigate cyber risks across the evolving IT landscape.
Collectively, participants scored just 61% on the Risk Assessment Index, a drop of 12% from 2016, and 79% on the Security Assurance Index, which remains unchanged. The average overall score, 70%, represents a six percent decline from last year.
Download the Full Report
Global Cybersecurity Assurance Report Card
The average overall score, 70%, represents a six percent decline from last year.
Key Security Weakness: Emerging Technologies
Respondents ranked Risk Assessment for cloud and mobile among the biggest current enterprise security weaknesses worldwide. A notable concern includes failing grades in Risk Assessment scores for containerization platforms (52%), DevOps environments (57%) and mobile devices (57%).
This can be explained, in part, by the accelerated adoption of cloud and mobile computing, combined with the emergence of DevOps and containers that increase the complexity and decentralization of enterprise IT. Together, these advances make it more difficult for security teams to see everything on their networks and accurately assess cyber risks.
Overwhelming Threat Environment Remains Top Challenge
These challenges are further complicated by the constantly evolving and expanding threat landscape – the number one challenge for security pros for the second consecutive year. This heightened technological complexity creates even more opportunity for attackers to exploit gaps in security coverage, leaving all organizations vulnerable to compromise and breach, regardless of the size of their security investments.
As data from the 2017 Tenable Network Security Global Cybersecurity Assurance Report Card show, it has become more critical than ever for global businesses and government organizations to not understand the threats aligned against them, but to also have realistic methods to assess their own cybersecurity strengths and weaknesses.
A comparison of 2017 and 2016 results for Risk Assessment, Security Assurance and Overall Scores, broken out by country. Key takeaways show India, which was not surveyed in 2016, debuting in 2017 with the highest overall score at 84% (B), while last year’s leader, the United States, fell two points to second place, with a score of 78% (C+). Germany reported a 10 point drop to 62% (D-), while Japan, another new 2017 addition, reported confidence levels of 48% (F), the lowest of all nine countries surveyed.
Participant scores broken out by country, comparing 2017 and 2016 results. Notably, six of the seven industries surveyed reported lower scores in 2017. Telecom and Financial Services, last year’s top scorers, showed the largest drops in confidence in 2017, while Retail confidence levels lost just one point, assuming first place with a score of 76 (C).
|Retail||Financial Services||Manufacturing||Telecom||Health Care||Education||Government|
In partnership with Tenable Network Security, CyberEdge Group developed a 12-question web-based survey instrument. The survey was promoted to information security professionals across nine countries and three geographic regions: United States and Canada (North America), United Kingdom, Germany and France (Europe), and Australia, Singapore, Japan and India (Asia Pacific). The survey was translated for non-English-speaking target audiences.
The online survey was conducted in October 2016. Each respondent met two demographic requirements: (1) employed at an organization with 1,000+ employees globally and (2) held an IT security position (i.e., not an IT generalist). Respondents who failed to meet either of these criteria were exited from the survey.
Respondents were derived from 19 industries and nine countries. Each country and industry referenced in this report included a minimum of 25 responses. Responses from industries with fewer than 25 responses were reported in the aggregate, globally and by country.
Scores were calculated by adding the percentages of the two most-favorable responses of associated questions. Risk Assessment Scores are associated with 11 IT components depicted in question 6 (see Appendix 3). Security Assurance Scores are associated with questions 7-12.
Newly added this year were participants from France, Japan and India. Of the 700 total respondents, 43% were based in North America (U.S. & Canada), 32% in Europe (U.K., Germany and France), and 25% in Asia Pacific (Australia, Singapore, Japan and India).
IT Security Roles
Of the 700 respondents, three-quarters (combined 75%) held manager, director, or executive leadership roles.