The new Cybersecurity Maturity Report reveals cyberattacks surged by 38% in 2022 alone, resulting in significant company loss, including financial and brand damage. Meanwhile, corporate security expenses have grown dramatically as a result of the increasing sophistication of assaults and the proliferation of cybersecurity solutions on the market. How equipped are companies and countries to properly confront today’s cyber risk, given the surge in risks, budgets, and solutions?
This subject is addressed in CYE’s new Cybersecurity Maturity Report 2023. It sheds light on the strength of cybersecurity in various industries, organization sizes, and nations. According to the security service website businesses and nations have the strongest cyber postures. As well as which lag the most common weaknesses in today’s cyber threat landscape.
The study is based on two years of data gathered from over 500 organizations in 15 countries. It encompasses 11 industries and a wide variety of firm sizes. It assesses cybersecurity maturity across seven security domains. This includes application-level security, network-level security (secure cloud storage online backup, and email security), identity management, and remote access, among others.
The following are the key findings:
Finding #1: Larger budgets do not always imply better cybersecurity
Norway has the greatest overall cybersecurity maturity level among countries, followed by Croatia and Japan. These nations may not have the large cybersecurity expenditures of the United States, the United Kingdom, or Germany. However, they do have advanced regulatory regimes. In addition to the early adoption of cybersecurity, Norway, Croatia, and Japan unified planning by their governments and organizations. This finding illustrates how large financial investments do not necessarily translate into high maturity levels.
Finding #2: Tech Companies Score Average
Among sectors, the energy and financial industries came out on top for the overall cybersecurity maturity level. Moreover, healthcare, retail, and government agencies were among the lowest. Surprisingly, the tech industry scored about average. It could be possibly because of the larger attack surface such companies typically must defend compared to other sectors.
The average score might also be because IT organizations frequently embrace new technologies that are particularly prone to attacks and weaknesses. Furthermore, technology businesses tend to develop considerably quicker than other industries. Which can be a concern when trying to maintain a solid cyber posture.
Finding #3: Small and medium-sized businesses outperform large corporations
Surprisingly, small and medium-sized businesses outperformed organizations with over 10,000 workers in terms of cybersecurity maturity. This might be because small businesses may have an easier time securing their limited attack surfaces. Investing in cybersecurity solutions is certainly a priority for medium-sized businesses. However, having to defend such a vast attack surface definitely has an impact on major organizations’ level of cybersecurity maturity.
Finding #4: Nearly one-third of businesses do not have effective password policies
According to the report, 32% of organizations have inadequate password rules. Moreover, it is a very solvable problem that corporations appear to have overlooked. Furthermore, 23% of organizations were found to have inadequate authentication measures. This is troubling since the combination of the two flaws enables hackers, allowing them to log in with little effort.
Suggestions for Improving Cybersecurity Maturity
The report’s general conclusion is that most organizations are not appropriately prepared for the possibility of cyberattacks. However, if organizations plan and spend well, they may reach a high cybersecurity maturity posture without significant expenditure.
Organizations should invest in capabilities rather than technologies to secure themselves. They should conduct complete assessments to prevent hackers from exploiting weaknesses and build a strategy for cybersecurity with board-level responsibility. The use of cyber risk optimization systems can assist in managing organizational cyber risk and prioritizing mitigation efforts.
