Tenable Network Security®, Inc., disclosed that the UK received a ‘C’ overall grade for its 2016 Global Cybersecurity Assurance Report Card. Information security practitioners from the UK were asked about confidence in their respective organizations’ abilities to assess risk, invest in appropriate tools and successfully respond to cyber threats, scoring 73% overall—an underachieving “C.”
Mobile device security is the Achilles heel in the UK: the country’s security professionals gave a failing grade to their ability to assess cyber risks related to mobile devices (rated “F” in UK, and “D” globally). The inability to even detect transient mobile devices in the first place (rated “D”) was another big challenge for the UK’s security practitioners, who scored themselves lower than the global average.
While most global respondents believe they have the tools in place to measure overall security effectiveness, scoring “B-,” this view isn’t mirrored in the UK, where survey respondents assigned a “C+.” Cloud vulnerability management and risk assessment is another key concern for Brits, with the ability to assess risks in cloud infrastrucuture (IaaS) and cloud services (SaaS) earning a “D” and “D+” respectively.
“What this tells me is that UK security pros have a fairly realistic idea of where they stand when it comes to overall cyber readiness, and they believe there is a lot of room to improve,” said Gavin Millard, EMEA technical director, Tenable Network Security. “Cloud and mobile continue to disrupt enterprise IT, but what the survey shows, alongside an alarming lack of ability to detect and remediate threats associated with these non-traditional attack surfaces, is that security has to evolve in order to keep up with the rate of innovation. Organizations need next-generation solutions that can definitively answer the question ‘How secure are we?’”
According to the survey results, the biggest non-technical challenge facing UK information security professionals is an overwhelming threat environment, followed closely by a lack of qualified workers.
“Attackers are breaching the world’s cyber defenses seemingly at will, and organizations of all kinds are feeling the strain,” said Millard. “As we move into 2016, hopefully all parties will continue to come together to assess cyber security risks, build robust defences and mitigate attacks.”
About the 2016 Global Cybersecurity Assurance Report Card
Research for the 2016 Global Cybersecurity Assurance Report Card was conducted by CyberEdge Group, a research and marketing firm serving the security industry’s top vendors.
Tenable surveyed 504 IT security professionals employed by organizations with 1,000+ employees in August 2015. A 12-question web-based survey asked respondents to provide a rating on a five-point scale. By adding together the two most-favorable responses (e.g., strongly agree + somewhat agree) for each question, and then averaging together associated responses, two summary indices were derived. The Risk Assessment Index measured an organization’s ability to assess cybersecurity risks across 10 key components of enterprise IT infrastructure. The Security Assurance Index measured an organization’s ability to mitigate threats by investing in security infrastructure fueled by executive and board level commitment. The index scores were averaged to produce the overall report card score for each country and industry. For more information, please visit http://tenable.com/2016-global-cybersecurity-assurance-report-card/ .