Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic; the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
Security investments are failing
More bad news is threatening organizations’ cyber resilience in several areas and causing security investments to fail. Our research identifies serious gaps in protection, very low detection rates, much longer business impact and customer data being exposed. Yet, our leaders are, once again, proving the exception in many of these areas.
With only a little more than half of their organization covered by their cybersecurity programs, non-leaders are at risk of having many areas unprotected. This contrasts with leaders who are able to cover 85 percent of their organization with their cybersecurity programs. The difference reflects a substantial gap in protection between the two groups.
Building cyber resilience takes teamwork. Employees, third-party suppliers, alliance partners, law enforcement agencies and even competitors all have their parts to play. However, the first line of defense in an organization is the cybersecurity team. On average, our research shows the security teams of non-leaders discover 54 percent of cybersecurity breaches, while the security teams of leaders were able to find 83 percent. This level of detection enables leaders to respond quickly and start to fix security breaches sooner to reduce overall damage.
A failure to fully exploit advanced technology investments is also having an impact in terms of remediation. More than half of all security breaches (55 percent) for leaders had a business impact lasting more than 24 hours. For non-leaders, the figure was 93 percent. Reducing the impact on the organization to less than one day is a tough challenge, even for leaders, but this clearly is an area where non-leaders could improve their performance significantly.
Despite suffering from more frequent attempts to access customer records, only 15 percent of leaders have had more than 500,000 customer records exposed through cyberattacks in the last 12 months. But 44 percent of non-leaders admit that more than 500,000 customer records were exposed across all security breaches in the last year. The result is that 19 percent of non-leaders faced regulatory actions in the last 12 months compared with only 13 percent of leaders. Another outcome of this finding is that 19 percent of non-leaders faced financial penalties compared with only 9 percent of leaders. With potential fines in excess of US$100 million for violations of general data protection regulations (GDPR), regulatory fines may match, or even exceed, the overall cost of cybercrime for an organization.