“The Gap Between Executive Awareness and Enterprise Security,” a global survey of 304 IT security professionals conducted by Dimensional Research, drills into the types of metrics used to measure security program effectiveness, frequency of reporting, and other factors such as budget and skills.
Results show 60% of respondents believe their organization can be breached, and one-third of CEOs and 43% of management teams are still not regularly briefed on cyber security issues. While 79% of IT security professionals report on compliance metrics to demonstrate security program effectiveness, 59% state that threat detection metrics are most important.
The survey also looked to identify the main barriers for improving organizational security including:
Additionally, endpoint security and privileged account security were cited as the top two organizational security priorities over the coming year.
- - 75% of respondents cited budgeting issues as the primary barrier to improving cyber security;
- - In the face of a growing cyber security skills gap, 53% cited the lack of expertise as a primary barrier.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program