Mar 23, 2023The Hacker News
In 2022 alone, global cyberattacks increased by 38%, resulting
in substantial business loss, including financial and reputational
damage. Meanwhile, corporate security budgets have risen
significantly because of the growing sophistication of attacks and
the number of cybersecurity solutions introduced into the market.
With this rise in threats, budgets, and solutions, how prepared are
industries and countries to effectively address today’s cyber
risk?
CYE’s new Cybersecurity Maturity Report
2023[1] tackles this question by
shedding light on the strength of cybersecurity in different
sectors, company sizes, and countries. It highlights which
industries and countries have the most robust cyber postures and
which are lagging, as well as the most prevalent vulnerabilities in
today’s cyber threat landscape.
The analysis is based on two years’ worth of data, collected
from over 500 organizations in 15 countries, and spanning 11
industries and a range of company sizes. It measures cybersecurity
maturity across seven different security domains, including
application level security, network level security, identity
management and remote access, and more.
Here are the top findings:
Finding #1: Larger Budgets Don’t Necessarily Mean Better
Cybersecurity
Among countries, Norway scored the highest on overall
cybersecurity maturity level, followed by Croatia and Japan.
Although these countries do not have the substantial cybersecurity
budgets of countries such as the US, UK, and Germany, they do have
advanced regulatory systems. Other possible reasons that Norway,
Croatia, and Japan took the lead include early cybersecurity
adoption in these countries and unified planning by governments and
organizations. This finding illustrates how large financial
investments do not necessarily translate into high maturity
levels.
Finding #2: Tech Companies Score Average
Among sectors, energy and financial industries came out on top
for overall cybersecurity maturity level, while healthcare, retail,
and government agencies were among the lowest. Surprisingly, the
tech industry scored about average, which is possibly because of
the larger attack surface such companies typically must defend
compared to other sectors.
The average score could also be because tech companies tend to
adopt new technologies that could be particularly vulnerable to
attacks and exploits. In addition, tech companies tend to
experience growth much faster than other sectors, which can be an
additional challenge when trying to maintain a strong cyber
posture.
Finding #3: Small and Medium Organizations Score Higher Than
Large Organizations
Surprisingly, small- and medium-sized organizations had better
cybersecurity maturity scores than organizations with over 10,000
employees. This could be because small organizations may have an
easier time protecting their small attack surfaces. With
medium-sized organizations, investing in cybersecurity solutions is
clearly a priority. When it comes to large organizations, however,
having to defend such a large attack surface clearly has an effect
on the level of cybersecurity maturity.
Finding #4: Nearly One-Third of Companies Lack Effective
Password Policies
The study found that 32% of organizations were found to have
weak password policies—a highly solvable problem that companies
apparently have not adequately tackled. In addition, 23% of
organizations were found to have weak authentication mechanisms.
This is concerning, because the combination of the two issues
empowers hackers, who can then simply log in with minimal
effort.
Click here to download the full
report.[2]
Recommendations for Better Cybersecurity Maturity
The overall takeaway from the report is that most organizations
are not adequately prepared for the threat of cyberattacks.
However, organizations can still achieve a high cybersecurity
maturity posture without a large budget, if they plan and spend
correctly.
To protect themselves, organizations should invest in
capabilities, rather than tools; perform comprehensive assessments
to prevent hackers from exploiting vulnerabilities; and develop an
integrated approach to cybersecurity with board-level
accountability. Cybersecurity optimization solutions such as CYE
can help by combining technology, people, and processes to manage
organizational cyber risk and perform cyber risk quantification to
understand threats and prioritize mitigation.
Schedule a demo to see how you can improve
your cybersecurity maturity.[3]
Found this article interesting? Follow us on Twitter [4]
and LinkedIn[5]
to read more exclusive content we post.
References
- ^
Cybersecurity Maturity Report 2023
(cyesec.com) - ^
Click
here to download the full report.
(cyesec.com) - ^
Schedule a demo to see how you can
improve your cybersecurity maturity.
(cyesec.com) - ^
Twitter
(twitter.com) - ^
LinkedIn
(www.linkedin.com)
Read more https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html