How Secure Are We?
Only the business-aligned cybersecurity leader can answer with confidence
Business leaders want a clear picture of their organizations’ cybersecurity posture — “How secure, or at risk, are we?” — but many security leaders struggle to answer that question, let alone accurately communicate this information. Tenable commissioned Forrester Consulting to conduct a global independent study to find out why — and what you can do about it.
ONLY FOUR OUT OF 10 SECURITY LEADERS SAY THEY CAN CONFIDENTLY ANSWER THE QUESTION, “HOW SECURE, OR AT RISK, ARE WE?”
A commissioned study of more than 800 business and cybersecurity leaders worldwide conducted by Forrester Consulting on behalf of Tenable reveals:
- Business and cybersecurity strategies are seldom on the same page.
Fewer than half of respondents regularly consult their executive counterparts when developing business or cybersecurity strategies, a disconnect that persists even during concerted efforts such as an official COVID-19 response plan.
- Security leaders have an incomplete picture of their attack surface.
With the rise of distributed work, and the growing adoption of cloud, mobile and IoT devices, security organizations require new tools and processes to comprehensively assess cyber risk beyond the traditional IT perimeter.
- Cybersecurity metrics often lack business-risk context.
Few security organizations use threat metrics that speak to business risk, exposing a need for new reporting practices that can better align cybersecurity programs with business objectives and industry benchmarks.
Today’s digital business requires a new security approach focused on both understanding the current risk posture and predicting the greatest threats to the business.
“There are two languages getting spoken. Business leaders want to know, ‘What’s the cause, what’s the headline, what’s the risk?’ The language barrier between [business and security leaders] is a chasm.”
Source: Business Information Security Officer, Financial Services