The study was based on a survey of 1500 plus respondents from board level to the security professionals
As much as 90% of the respondents have a high or medium degree of vulnerability to cyber attacks, finds a new study released by Tanium and NASDAQ.
The study, called The Accountability Gap: Cybersecurity & Building a Culture of Responsibility, was based on a survey of 1530 respondents across eight countries and sought to identify and understand where the gaps exist across all organizational levels around cybersecurity vulnerability from a people, process, and technology perspective. The cybersecurity vulnerability was assessed around seven inherent challenges: Cyber Literacy, Risk Appetite, Threat Intelligence, Legislation & Regulation, Network Resilience, Response, and Behavior. A research team at Goldsmiths, University of London developed a statistical model for scoring readiness, awareness and vulnerability for all these challenges. The respondents were non-executive directors (NED), C-level executives, Chief Information Officers (CIO), and Chief Information Security Officers (CISO).
The study found that 10% of the respondents have a high level of vulnerability and will likely reach crisis if they do not act quickly to address their cybersecurity posture. Another 80% of the respondents have a medium level of vulnerability and only 10% of the respondents have a low level of vulnerability, but there are still risks.
These are some of the findings
- 91% of the high vulnerable board members say they can’t interpret a cybersecurity report
- Only 10% of the high vulnerable respondents agree that they are regularly updated with information about the types of threats to cybersecurity that are pertinent to their business
- The low vulnerable respondents are 31% more likely than the high vulnerable respondents to have assessed the likely losses associated with cyberattacks
- 98% of the high vulnerable executives are not confident their organization tracks all devices and users on their system at all time
- 87% of the high vulnerable board members and executives don’t consider their malware, antivirus software, and patches to be 100% up-to-date at all times
- Only 9% of the high vulnerable board members said their systems were regularly updated in response to new cyber threats.