Tenable study shows: 96 percent of all German companies have suffered at least one business-damaging cyber attack in the past 12 months. But only 3 out of 10 security officers in Germany can answer the question “How safe or at risk are we?”
Tenable®, Inc., the cyber exposure company, published a global industry study that found the vast majority of German companies (96%) had suffered a business-damaging cyber attack in the past 12 months, according to both business executives and security officers. The data comes from The Rise of the Business-Aligned Security Executive, a commissioned study of more than 800 business and cybersecurity executives worldwide, including 103 respondents in Germany, conducted by Forrester Consulting on behalf of Tenable.
Against the background of incessant attacks by cyber criminals, 74% of those surveyed in Germany observed a drastic increase in the number of business-damaging cyber attacks over the past two years, some of which had serious effects: companies reported a loss of productivity (45%), loss of customer data (37%) and loss from identity theft (36%). Around 61% of security officers in Germany state that operational technology (OT) was also affected by these attacks.
3 out of 10 security officers know the risk situation
Business leaders want a clear picture of how vulnerable their companies are and how that risk changes as business strategies are planned and implemented. But only 3 out of 10 security officers in Germany state that they can answer the fundamental question “How safe or at risk are we?” with a high degree of confidence, despite the frequency of cyber attacks with business-damaging effects.
Globally, less than 50% of respondents said they viewed cybersecurity threats in the context of a specific business risk. For example, although 95% of respondents had developed response strategies to the COVID-19 pandemic, 75% of business and security executives admitted that their response strategies were only “partially” coordinated.
Companies in which security and business leaders pull together to measure and manage cybersecurity as a strategic business risk deliver verifiable results. Compared with peers who act in isolation, business-oriented security officers stand out as follows:
- They are eight times more likely to be highly confident in their ability to account for the security or risk situation of their company.
- 90% are very or completely confident that they can demonstrate that cybersecurity investments have a positive impact on business development, compared to only 55% of their peers who act in isolation.
- 85% have metrics to track cybersecurity ROI and business impact, compared to just 25% of their peers in isolation.
In companies with business-oriented cybersecurity officers, it is also:
- Three times more likely to align cybersecurity goals with business priorities
- Three times more likely that the security department has a comprehensive view of the company's entire attack surface
- Three times more likely to use a combination of asset criticality and vulnerability data when prioritizing remediation actions
“In the future there will be two types of CISOs - those who coordinate directly with the business and everyone else. The only way to be successful in today's age of rapidly advancing digitalization is to include 'cyber' in all business issues, decisions and investments,” said Renaud Deraison, Chief Technology Officer and co-founder of Tenable. “We believe this study shows that forward-thinking companies see a cybersecurity strategy as essential to innovation and that when security and business leaders work closely together, it can lead to transformative outcomes.”
The data basis
In April 2020, Forrester Consulting conducted an online survey of 416 security officers and 425 business executives, as well as telephone interviews with five business and security officers, to investigate cybersecurity strategies and practices in medium to large companies in Australia, Brazil, Germany, France, UK, India, Japan, Mexico, Saudi Arabia and the USA.
More on this in the study at Tenable.com
About Tenable
Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. The inventors of Nessus have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.