Tenable Inc, the cyber exposure company, has published the results of a global industry study of business and security executives that reveals the majority of UK organisations (96% of those surveyed, in fact) have experienced a business-impacting cyber attack in the past 12 months.
The data is drawn from ‘The Rise of the Business-Aligned Security Executive’, a commissioned study of more than 800 global business and cyber security leaders, including 103 respondents from the UK. The survey was conducted by Forrester Consulting on behalf of Tenable.
As cyber criminals continue their relentless attacks, 63% of respondents in the UK have witnessed a dramatic increase in the number of business-impacting cyber episodes over the past two years. Unfortunately, these attacks had damaging effects, with organisations reporting loss of employee data (44%), financial loss or theft (36%) and customer attrition (34%). Some 65% of security leaders in the UK say these attacks also involved operational technology.
Business leaders want a clear picture of how at risk they are and how that risk is changing as they plan and execute business strategies. Only four out of every ten local security leaders say they can answer the fundamental question: “How secure, or at risk, are we?” with a high level of confidence, despite the prevalence of business-impacting cyber attacks.
Looking at global respondents, fewer than 50% of security leaders said they are framing cyber security threats within the context of a specific business risk. For example, although 96% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security leaders admitted their response strategies were only “somewhat” aligned.
Organisations with security and business leaders who are aligned in measuring and managing cyber security as a strategic business risk deliver demonstrable results. Compared to their siloed peers, business-aligned security leaders stand out:
*They are eight times more likely to be highly confident in their ability to report on their organisations’ level of security or risk
*90% are very or completely confident in their ability to demonstrate that cyber security investments are positively impacting business performance, compared with 55% of their siloed counterparts
*85% have metrics to track cyber security RoI and impact on business performance, versus just 25% of their siloed peers
Those organisations with business-aligned cyber security leaders are also:
*Three times more likely to ensure cyber security objectives are in lockstep with business priorities
*Three times more likely to have a holistic understanding of their organisation’s entire attack surface
*Three times more likely to use a combination of asset criticality and vulnerability data when prioritising remediation efforts
“In the future, there will be two kinds of CISO — those who align themselves directly with the business and everyone else,” said Renaud Deraison, CTO and co-founder at Tenable. “The only way to thrive in this era of digital acceleration is to bring cyber into every business question, decision and investment. We firmly believe this particular study shows that forward-leaning organisations view cyber security strategy as essential to innovation and that, when security and the business work hand-in-glove, the results can be transformational.”