Survey: 39 Percent of Organizations Score Poor or Deficient Level in Cybersecurity
A new survey from cybersecurity company Nixu reveals significant security concerns among Northern European organizations.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
A new survey from cybersecurity company Nixu finds that 39 percent of respondents in Northern European organizations assess themselves as having poor or deficient cybersecurity maturity. The survey also reveals that supply chain security is increasing in importance as a key issue, focus on risk management is surprisingly low, and deep expertise is the service provider’s most valued quality. Additionally, cybersecurity budgets are often not optimally spent.
The Nixu Cybersecurity Index measures cybersecurity maturity in Northern European organizations by evaluating four aspects of cybersecurity performance: current state, management, financial investments, and future development plans. In the first survey conducted with this approach, the average score was 67, which is barely satisfactory on the 10-100 scale. The scores are based on self-assessment.
The survey was conducted in September-October 2022. It includes responses from 180 Northern European cybersecurity leaders from a variety of industries and countries sharing their views about the current and future state of cybersecurity in their organizations.
According to the survey results, security awareness is the most critical cybersecurity capability, and organizations plan to strengthen it in the next 12 months. On the other hand, cybersecurity decision makers assess risk management as a surprisingly low priority capability. Only 24 percent stated that risk management is one of the most critical capabilities, and just 21 percent are planning to strengthen it within the next year. Nevertheless, more than a third of the respondents (38 percent) say risk management is not well initiated.
“This indicates that cybersecurity has been driven more as a technology item than an integral part of corporate risk management -- but the fact is that cybersecurity is all about risk management, and it should be addressed as a business issue,” says Jan Mickos, business area lead for managed services at Nixu.
Supply Chain Security Replacing Ransomware as the Hottest Topic
The role of supply chain security is among the key trends revealed by the survey. Respondents see it as the hottest topic in cybersecurity within the next 12 months. It is replacing ransomware as their leading topic during the last 12 months. A typical supply chain cyberattack can be targeted against one critical service largely used within a specific industry. For instance, the retail sector has already experienced such attacks when payment system providers have been breached.
“It is very difficult to defend against these kinds of attacks, but they are preventable. The real shortcomings and the main responsibility for preventing attacks through the supply chain lies, of course, with the suppliers, mainly the software companies. They need to convince customers that their products both work and are secure. For a long time, we have been able to take this more or less for granted, but it is reasonable that liability issues and guarantees will be given higher priority in IT procurement in the future,” says Mickos.
Among other results:
- Twenty-six percent say their cybersecurity budget is not spent in the most effective way, where two-thirds of respondents are certain or quite certain that their cybersecurity spending is optimized and appropriate.
- Organizations value quality strongly over price when making cybersecurity decisions. A service provider’s deep expertise in cybersecurity was valued highly or extremely highly by 97 percent of respondents.
The full survey report is available here: https://www2.nixu.com/NIXU_Cybersecurity_Index_Report_2022.pdf