Cyber Risk Market Survey 2019 Sneak Preview

Transcription

1 Cyber Risk Market Survey 2019 Sneak Preview

2

3 About this Survey The market is still learning how to execute cybersecurity well. We created the Cyber Risk Market Survey to shed light on how companies are leveraging cyber risk to elevate their operations. More than 200 people responded over 90% from Cyber and IT Security professionals. Slightly more than one-third of responses were from companies with 1,000+ employees, and 80% were submitted by professionals with titles of Director and above. We feel this data strongly represents the current pulse of the cyber risk market. Even at this early stage, it is clear this is the first in a series of studies we must conduct to help the market wrap its arms around this big and important challenge. This Sneak Preview outlines the conversation that has emerged from our survey. To reserve your copy of the full report, visit nehemiahsecurity.com/survey

4 The Next Frontier for Cyber Defenders We isolated a High Performer subset of respondents that replied they had Very High visibility into, and confidence in, their current cyber defense approach. High Performers were 30% more likely to quantify their cyber risk. This is the first step towards a program designed to optimize investments and priorities necessary to maximize cyber defenses. Do you quantify cyber risk? 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% No Yes 0% High performer Low performer 4 Nehemiah Security

5 Number of factors to measure cyber risk 39% more likely 4 to leverage Threat Intelligence % more likely to leverage Industry Information Sharing This same set of High Performers also indicated that they measure nearly 60% more cyber risk factors as their Low Performer counterparts (and average of 4.1 factors versus 2.6). In addition, while Low Performers mostly stick to the low-hanging fruit, High Performers were more likely to activate higher order factors such as Threat Intelligence and Industry Information Sharing. Once companies begin to measure more cyber risk factors, we suspect that the intelligence becomes addictive. High performer Low performer Cyber Risk Survey 2019 Sneak Preview 5

6 Integrating Cyber into Business Strategy Measuring risk and managing risk are two separate exercises. One of our survey goals was to determine which companies are journeying towards a security program integrated with the business. Cyber Defense High Performers were 7 times more likely to claim they have an optimized, 100% 90% 80% 70% 60% 50% 40% Optimized, tested, and reinforced Defined but still in progress Initial/ad hoc Does not yet exist tested, and reinforced process for managing the risk they already quantify. This ability to enable business strategy will further propel security initiatives as teams garner more awareness and support across the 30% 20% 10% 0% High performer Low performer organization. 6 Nehemiah Security

7 Cyber Risk Survey 2019 Sneak Preview 7

8 What s Next? Future initiatives Invest in cyber technologies Hire cyber talent Optimize cyber policies Review ecosystem of cybersecurity service providers Training Optimize MSSP function/performance Penetration Testing/Red Teaming High performer Low performer Audit cyber posture 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 8 Nehemiah Security

9 A quick way to learn something new is to ask people who are doing it. We isolated Cyber Risk High Performers from our respondent base and asked them what cyber initiatives they planned to pursue in High Performers reported more investment than Low Performers in every category. In some cases, like Investment in Hiring and Technology, there was a big gap. Also noteworthy was the advocacy among High Performers for the more sophisticated functions of MSSP Optimization and Red Team testing. This reflects both an ambitious investment plan and a deliberate effort by High Performers to diversify their security portfolios. We will watch future survey results closely to study the impact cyber risk management has on the investments companies make to secure their enterprises. Cyber Risk Survey 2019 Sneak Preview 9

10 We are just now experiencing the first wave of Cyber Risk Management Companies are starting to ask themselves tough cybersecurity questions. Am I spending my cyber resources in the right areas? Do my insurance policies cover what I need them too and am I paying a reasonable premium? There are two things required to answer questions like these. First, you have to measure and analyze the efficiency of your cyber defenses. And second, as a security leader you have to communicate to the business. We are already seeing the smart companies take action in these areas and as quickly as possible. 10 Nehemiah Security Cyber risk should be thought of as a learning journey one companies should launch immediately if they haven t already. Jason Cook Managing Director, The Chertoff Group

11 The Cyber Risk Management Journey has begun... The minute security and business leaders wondered aloud Where should we spend the next $1M of budget, that is when the Cyber Risk Management train left the station. The only way to answer this question, and many other fundamental questions, is to measure and invest in management. Our Cyber Risk Market Survey has shed valuable light on where the market is on this journey. We expect more insights to emerge from the conversations that are happening around these findings. One thing has become very clear from this exercise, though, and that is companies that seek to optimize their cyber operations are pressing forward into cyber risk management. The question that remains is Where are YOU on the path?

12 12 Nehemiah Security