SecureLink releases Security Maturity Report
The intention is there, but cyber security strategies aren’t always supported by processes and controls.
Sliedrecht, June 3, 2019
Today SecureLink, Europe’s premier cyber security company, launches its 2019 Security Maturity Report. The report was created using thousands of answers, taken from security maturity assessments at European companies. The report features maturity levels across different verticals, human factors, processes and technology controls. It aims to be an objective security maturity marker, shedding light on strengths and weaknesses as perceived by organization’s cyber security leadership.
Some takeaways from the report are:
- While two thirds of the respondents have a high-level cyber security strategy, it’s often not translated in processes and technology controls. The board intention is there but follow up is lacking.
- Despite an increased awareness on risk, many organizations still focus more on ‘preventative’ controls like endpoint and perimeter protection, than on detection of incidents, slipping through the cracks. Interestingly, there is an appetite for external focused tools like threat intelligence.
- Finance & legal consider themselves the most mature vertical. Surprisingly, Retail (including brick and mortar retail) consider themselves the least mature. The majority of organizations do not reach the defined baseline.
Thomas Fetten, CEO at SecureLink, says “It’s great to see organizations across Europe seeking support and allocating internal resources to establishing their cyber security posture and maturity. Cyber security is a journey which starts with knowing where you are. The results show that most organizations in Europe are in a better place than a year ago. That said, by their own standards, there’s still a lot of work to do.”
Richard Jones, CISO at SecureLink adds: “The increased diversity of risks drives a mentality change: organizations understand you can’t be 100% secure. Organizations should aim to establish defined cyber security roles, documented processes and state of the art technology as a baseline. Not everyone we talk to is at that level today.”