Forrester Consulting surveyed 158 security leaders to evaluate how enterprises are assessing and managing security threats to their IT infrastructure, as well as to their third-parties.
The survey found that while the threat landscape is growing more complex and dangerous, security ratings platforms are becoming a key component to address those threats while delivering a strong return on investment.
Forrester predicts that in 2018, security decision makers will face new challenges primarily brought on by political tensions, constant connectivity, the ubiquity of data, and digital transformation efforts. A lack of ecosystem visibility, paired with evolving risks, makes for huge operational security challenges.
Security ratings adoption is on the rise
With 87% of respondents finding security ratings valuable (37%) or extremely valuable (50%). Twenty-nine percent of companies who do not currently use security ratings services are currently testing/piloting a tool or service, and another 41% plan to adopt them within the next two years.
Return on Security Investment
91% of respondents stated that their ROI has at least met expectations, with 55% saying that ROI has exceeded expectations.
CISO’s who are not using security ratings are missing out
Security and risk decision makers using security ratings benefit from improvements to threat intelligence, security posture, business resiliency, and ability to prioritize and justify new security investments, just to name a few. And many of the benefits that users have confirmed are greater than what nonusers of security ratings services would expect.
Predictive capabilities and visibility into third-party risk are the most valued
Predictive and prescriptive capabilities are the most important criteria for survey respondents when considering an investment in a security ratings platform, followed by visibility into third-party risk, compliance tracking, and robust detail behind the scores.
“Security ratings have rapidly moved from a novel technology to a key component of an enterprise cybersecurity program,” said Sam Kassoumeh, COO, SecurityScorecard. “This study demonstrates the velocity at which the market is moving and the demand from security leaders to have visibility into the risks posed by their business partners and third party providers. Our triple-digit growth is directly related to our platforms ability to deliver predictive analytics, ecosystem-wide visibility, compliance capabilities and the most comprehensive data set in the industry.”