In 2022 alone, global cyberattacks increased by 38%, causing substantial business losses, including financial and reputational damage. Meanwhile, corporate security budgets have increased significantly due to the increasing sophistication of attacks and the growing number of cybersecurity solutions deployed in the market. With this proliferation of threats, budgets, and solutions, are industries and nations prepared to effectively address today’s cyber risks?
CYE’s new Cybersecurity Maturity Report 2023 addresses this issue by revealing cybersecurity strengths across different sectors, company sizes and countries. It highlights which industries and countries have the strongest cyber postures, which industries and countries are lagging behind, and the most prevalent vulnerabilities in today’s cyber threat landscape.
The analysis is based on two years of data collected from over 500 organizations in 15 countries, across 11 industries and companies of various sizes. It measures your cybersecurity maturity across seven different security domains, including application-level security, network-level security, and identity management and remote access.
Key findings include:
Finding #1: More budgets don’t always mean better cybersecurity
Among countries, Norway scored the highest for its overall cybersecurity maturity level, followed by Croatia and Japan. These countries do not have the cybersecurity budgets of countries such as the US, UK, and Germany, but they do have sophisticated regulatory systems. Other possible reasons for Norway, Croatia and Japan to take the lead include early cybersecurity adoption in these countries and unified planning by governments and organizations. The findings show that large financial investments do not necessarily translate to higher maturity levels.
Finding #2: Average Scores for Tech Companies
Among sectors, energy and finance topped the overall cybersecurity maturity level, while healthcare, retail, and government had the lowest. Surprisingly, the tech industry scored near average. This may be due to the larger attack surface such companies typically have to defend against compared to other sectors.
The average score may be due to technology companies’ tendency to adopt new technologies that may be particularly vulnerable to attacks and exploits. Additionally, technology companies tend to grow much faster than other sectors, which can pose additional challenges when trying to maintain a strong cyber posture.
Finding #3: Small and Midsize Organizations Score Higher Than Large Organizations
Surprisingly, small and medium-sized organizations had higher cybersecurity maturity scores than those with more than 10,000 employees. Maybe because Investing in cybersecurity solutions is clearly a priority for midsize organizations. However, when it comes to large organizations, the need to defend against such a large attack surface clearly impacts cybersecurity maturity.
Finding #4: Nearly a Third of Companies Lack an Effective Password Policy
The survey found that 32% of organizations use weak password policies. This is a very solvable problem that companies don’t seem to be addressing properly. Additionally, 23% of organizations found their authentication mechanisms to be weak. This is a concern because this combination of his two issues makes it easy for hackers to log in with minimal effort.
Click here to download the full report.
Recommendations for increasing cybersecurity maturity
The overall conclusion to be drawn from this report is that most organizations are ill-prepared for cyber threats. However, with proper planning and spending, organizations can reach cybersecurity maturity without a large budget.
To protect themselves, organizations should invest in capabilities, not tools. Perform comprehensive assessments to prevent hackers from exploiting vulnerabilities. Develop an integrated approach to cybersecurity with board-level accountability. A cybersecurity optimization solution such as CYE combines technology, people, and processes to manage an organization’s cyber risk and perform cyber risk quantification to understand threats and prioritize mitigation. increase.
Schedule a demo to see how you can improve your cybersecurity maturity.
