infographic
Tenable illustrates the findings of a commissioned study conducted by Forrester Consulting which shows why cybersecurity risk strategies need to mature and how organisations need to act in order to thrive in a secure business environment .
94 % OF GLOBAL ORGANISATIONS SUFFERED ONE OR MORE BUSINESS-IMPACTING CYBERATTACKS
STUDY REVEALS
How secure or at risk are organisations from cyberattacks ?
Only four out of 10 security leaders can answer this question with a high level of confidence . The Rise of the Business-Aligned Security Executive , a commissioned study conducted by Forrester Consulting on behalf of Tenable , surveyed over 800 security and business leaders . Its findings are sobering , with 94 % of respondents confirming their organisation had suffered one or more businessimpacting cyberattacks in the last year – that is , an attack resulting in a loss of customer , employee , or other confidential data ; interruption of day-to-day operations ; ransomware payout ; financial loss or theft ; and / or theft of intellectual property .
Roughly two-thirds ( 65 %) said these attacks involved Operational Technology ( OT ) assets . Multiple attacks were not uncommon , with 46 % confirming they ’ d weathered five or more business-impacting cyber events in the last 12 months .
The same study found that 68 % of respondents said they ’ d experienced an increase in the number of business-impacting cyberattacks in the last two years . When looking to the future , 77 % of respondents expect an increase in cyberattacks over the next two years .
Cybersecurity needs to mature as a business risk strategy
In order to protect themselves against such attacks in the future , business leaders need a clear picture of how vulnerable their company is and how risk changes as business strategies are planned and implemented .
The study results show that 75 % of global business and security executives only ‘ partially ’ align their strategies . Current developments make it clear that security and business managers must start to pull together .
So , what has to change ? It is difficult for security leaders to get a comprehensive picture of weaknesses in the company without the proper people , processes and technology . It ’ s vital that they are able to identify which services and applications are critical to the business and then focus on them . To minimise the impact on their business , they need to work closely with their business partners and set priorities together .
77 % of respondents expect an increase in cyberattacks over the next two years .
Currently , fewer than 50 % of security leaders worldwide frame the impact of cybersecurity threats within the context of a specific business risk . This must change quickly . Forwardthinking companies recognise the need to include cybersecurity in all business issues , decisions and investments . In fact , the study found that , when security and business leaders are aligned , they deliver positive results . Businessaligned security leaders are eight-times as likely as their more siloed peers to be highly confident in their ability to answer the question , ‘ How secure or at risk are we ?’
The only way to thrive is to include cyber considerations in every business question , decision and investment . Instead of talking about vulnerability reduction or offering tactical metrics about controls , business-aligned security leaders will confidently evaluate the vulnerabilities that are critical to the assets that have the greatest effect on the business . They will align the risk reporting in terms the business understands – customer churn as a result of a data breach or spoiled goods if a production line fails . This enables security leaders to provide an unambiguous , authoritative , answer when asked by business leaders , ‘ How secure , or at risk , are we ?’ u
22 Issue 31 | www . intelligentciso . com