A new survey of security executives at large companies in the U.S. reveals that confidence in their enterprise security posture is lacking. Less than a third of these executives are confident in their security posture, and only slightly more than a quarter feel that their communications on security metrics and posture to senior management is effective. According to the survey, these executives continue to rely mainly on quantitative metrics that are aimed at preventing breaches but do little once a breach has occurred.
Alarmingly, in the face of these statistics, nearly 9-in-10 of the organizations represented in the survey have had at least one breach with a loss or compromise of data in the past year. Nonetheless, only a third of the executives employ qualitative techniques, such as dwell time, that help them understand the state of their network post-breach.
This report looks at the results of the survey and offers observations and recommendations
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program