Three quarters of businesses are significantly exposed to cyber-risks, and this is a number that hasn't changed for a year. Those are the results released in RSA's latest Cybersecurity Poverty Index report, based on the answers of 878 companies in 81 countries, spanning more than 24 industries.
This especially relates to the Incident Response (IR) capabilities, which RSA describes as ‘particularly underdeveloped’. Almost half of respondents described IR as either ‘ad hoc’ or ‘non-existent’.
Still, businesses tend to amp up their security measures following a breach.
But it’s not all that grim, though. There is light at the end of the tunnel, and it’s in the form of detection and response technologies. Those companies that employ such an approach, instead of perimeter-based solutions, stand much better chances at defending themselves against cyber-criminals.
The report highlights one of the ‘most significant changes’, compared to the year before, and that’s a strong uptake in ‘mature cybersecurity programs’. The percentage of companies with such solution almost doubled, from 4.9 per cent to 7.4 per cent.
“This second round of cybersecurity research provides tangible evidence that organizations of all sizes, in all industries and from all geographies feel unprepared for the threats they are facing,” says Amit Yoran, President, RSA, The Security Division of EMC.
“We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response. Organizations need to set their agendas early, build comprehensive strategies and not wait for a breach to force them into action.”
The full report can be found on this link.