Companies are working to balance their desire for new innovations with their need for strong cyber-defenses, according to a new report from CompTIA.
CompTIA’s “Cybersecurity for Digital Operations,” based on a survey of 500 U.S. businesses, also reveals that company executives, business staff and technology professionals have distinctly different views on where their organization stands when it comes to cyber-readiness.
The stakes have never been higher for business operations, and public and private safety, according to Seth Robinson, senior director for technology analysis at CompTIA.
“Companies are experimenting with and implementing new technologies, from the Internet of Things and blockchain to augmented reality and artificial intelligence,” Robinson said. “Each of these innovations and others have the promise of new possibilities, but they also create new and unique security complications.”
The CompTIA study finds that 45 percent of companies are completely satisfied with their current cybersecurity readiness. That’s up significantly from the 21 percent of firms that responded that way in 2017, but it leaves more than half of companies still feeling as if they can do more.
Progress on the cybersecurity front may be stalled due to differing opinions from different corners of the business.
Asked to evaluate the current status of their cybersecurity efforts, 55 percent of executives and 61 percent of business staff rated it as completely satisfactory. Among IT staff – the employees that should have the best understanding of risks and readiness – just 35 percent are completely satisfied.
Similarly, 91 percent of executives and business staff said there is a strong understanding of cybersecurity within their company, but only 78 percent of IT staff feel the same way.
Other trends identified in the study may cause those disparities to lessen over time. For example, nearly half the companies said that cybersecurity is discussed across the company as a standalone topic affecting business operations.
“Businesses are starting to recognize that they need to treat cybersecurity as something that crosses organizational boundaries and isn’t confined to the IT department, ” Robinson said. “Cybersecurity is a moving target that requires ongoing vigilance and flexible responses throughout the organization.”
The report also notes that there has been a sizeable increase in the number of companies making “heavy” use of metrics to evaluate their cybersecurity performance; from 21 percent in 2018 to 39 percent this year. Small companies (48 percent) seem to be taking the lead in the use of metrics, perhaps with the help of third-party firms to manage their security, followed by large organizations (37 percent) and mid-sized firms (27 percent).
Respondents cited a range of cybersecurity metrics that they are employing, including tracking their successful compliance audits, employee security training, formal risk assessments, and violations of security policies.