New CyberArk survey on security programme effectiveness

New CyberArk survey on security programme effectiveness

Seventy-nine percent of IT security professionals report to executive management on compliance, yet 59 percent say threat detection metrics are most critical

New industry research sponsored by CyberArk (NASDAQ: CYBR) finds that one-third of CEOs and 43 percent of management teams are not regularly briefed on cyber security issues. Additionally, while 79 percent of IT security professionals are reporting on compliance metrics to demonstrate security programme effectiveness, 59 percent state that threat detection metrics are most important.

An independent survey of global IT security professionals, “The Gap Between Executive Awareness and Enterprise Security,” drills into the types of metrics used to measure security programme effectiveness, frequency of reporting, and other factors such as budget and skills.

The cyber security gap: Executive awareness and responsibility
The survey shows that 60 percent of respondents believe their organisation can be breached. As cyber attacks grow in aggression and impact, CEOs and boards are being held accountable for the security posture of their organisation. A closer look at the perceptions of IT security practitioners regarding executive cyber security leadership provides some clues into what’s driving a lack of alignment:

• 61 percent believe that CEOs do not know enough about cyber security;
• 69 percent say cyber security is too technical for their CEO;
• 53 percent think that CEOs make business decisions without regard to security;
• 44 percent believe CEOs simply do not grasp the severity of today’s risks.

IT security professionals need to properly educate executives
While IT security professionals are relying on executive level leadership on security issues, CEOs are increasingly relying on their IT security teams to provide them with the security information that matters. The survey shows that the cyber security awareness gap may be driven in part by the need for security teams to properly educate CEOs on what’s business critical when it comes to security:

• One-third of CEOs are still not regularly briefed on cyber security issues and related business risks;

• Forty-three percent of management teams do not regularly receive security status reports;

• Fifty-nine percent of respondents emphasised threat detection metrics as the most effective for measuring security programme effectiveness, yet 79 percent still provide compliance and audit findings to their CEOs and executive teams;

• Executive visibility into security programme effectiveness varies by industry with the highest percentage of respondents in financial services (72 percent) and healthcare (70 percent) saying they regularly provide executives with reports and metrics;

• 50 percent or less of respondents in manufacturing, hospitality, transportation and non-profit industries said that they regularly provide reports and metrics to their executive teams;

“Compliance does not equal security. It can lull a CEO into a state of complacency because all it demonstrates is a simple checking of a box without context for responsible levels of information protection,” said John Worrall, chief marketing officer, CyberArk. “Security professionals are briefing executives on the wrong information. They need to arm their CEOs and executive teams with information that matters such threat detection and risk metrics versus compliance and system availability.”

Is budget a barrier to effective cyber security?
Improving IT security fundamentals is a critical step in improving an organisation’s overall security posture. The survey identified areas for improving organisational security:

• Seventy five percent of respondents cited budgeting issues as the primary barrier to improving cyber security;

• In the face of a growing cyber security skills gap, 53 percent cited the lack of expertise as a primary barrier;

• Endpoint security and privileged account security were cited as the top two organisational security priorities over the coming year.

“Increasingly it’s CEOs who own the security agenda – whether they want to or not. One of our goals with this survey was to identify specific gaps between IT security and executive teams and help drive productive conversations that prioritize enterprise security,” continued Worrall. “By providing greater visibility into how cyber security programmes are performing, and regularly communicating needs around budget and skills, IT professionals will gain the support of the executive team and in turn help their organisation become more proactive in protecting against advanced threats.”

To help support the need for greater executive guidance and dialogue around critical cyber security decisions, CyberArk recently launched a new industry initiative, the CISO View. The CISO View provides a forum for the CISO community to share best practices and tangible guidance for building effective cyber security programmes. A new report, “The Balancing Act: The CISO View on Improving Privileged Access Controls,” features advice from a panel of CISOs from global 1000 enterprises about how to lead a comprehensive privileged account security programme including recommendations for getting executive buy-in, delivering metrics that matter, and measuring effectiveness of the controls. The report is available for free here.

“The Gap Between Executive Awareness and Enterprise Security” survey was conducted by Dimensional Research. The study, commissioned by CyberArk, surveyed 304 global IT security professionals. The primary research goal was to capture hard data on visibility and support of security programmes at the executive level. In addition, researchers sought to determine which metrics are used to define security effectiveness.

[su_button url=”http://www.cyberark.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about CyberArk[/su_button]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top