Failing to Measure Cybersecurity Effectiveness?

Are you failing to measure cybersecurity effectiveness? Well, now you can find out with the State of Cyber Security Metrics Annual Report 2017. Exploring the shameful state of cybersecurity metrics, failures in planning and performance, the lack of resources cited as a major hurdle and how small business are especially vulnerable; This report provides an in-depth understanding of the necessity of cybersecurity metrics and how they can help your business survive a cyber-attack.Here's a sneak peek:

• 58% scored a failing grade in measuring the effectiveness of cybersecurity investments and performance.
• 4 out of 5 companies worldwide are not fully satisfied with their cybersecurity metrics.
• 1 in 3 companies invest in cybersecurity without any way to measure its value.

Key Findings: Most Companies are Failing at Cyber Security MetricsWith over 400 global business and security executives participating in this benchmark survey, more than half of respondents scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices. Based on internationally accepted standards for security embodied in ISO 27001, as well as best practices from industry experts and professional associations, the Security Measurement Index benchmark survey provides a comprehensive way to define how well an organization is measuring the effectiveness of its IT security. Most survey respondents do not feel confident about how they are measuring the value of their cybersecurity investments, and 80% stated that they are not fully satisfied with the metrics available.Failures in PlanningWith global companies and governments spending more than $100 billion a year on cybersecurity defenses, a substantial number---32 percent---of companies are making business decisions and purchasing cyber security technology blindly. Even more disturbing, over 80 percent of respondents fail to include business users in making cyber security purchase decisions, nor have they established a steering committee to evaluate the business impact and risks associated with cybersecurity investments.Failures in PerformanceWith Ransomware causing major havoc in the past year, it’s alarming that so many organizations are uncertain whether they have backed up information properly and if they can recover it in a timely manner. Nearly two out of three businesses (64%) among survey respondents fail to recover timely, or in a way that aligned with their disaster recovery plan.Download the full report to continue.