Majority of Organizations Worldwide Underprepared for Cybersecurity Incidents, RSA Finds

Mateusz Adamowski

Seventy-five percent of respondents to RSA Security LLC’s second annual Cybersecurity Poverty Index face “significant cybersecurity risk exposure,” and just seven percent of respondents have advanced cybersecurity capabilities.

Geographically, the survey found that the Europe, Middle East and Africa (EMEA) region had the most advanced security strategies, followed by the Asia-Pacific & Japan region coming in second, and the Americas region as the least prepared.

Organizations had the strongest capabilities in the area of “Protection,” which is becoming less effective as cybersecurity threats become more sophisticated. The emerging forms of cybersecurity strategy—“Recovery” and “Respond”—that are supplanting Protection rank as the least mature within organizations.

The survey found evidence that an organization’s ability to increase its cybersecurity maturity level can meaningfully reduce the risk of suffering a negative impact to their business operations. Sixty-seven percent of respondents experienced cybersecurity incidents that negatively impacted their business operations, but only 24 percent of those organization had a mature security strategy by RSA’s standards.

RSA concluded from its survey that actually suffering a damaging cybersecurity incident was the number one factor that caused organizations to take the appropriate action to be prepared. Organizations across the world are woefully unprepared in their incident response capabilities.
Second, RSA concluded that organization don’t take steps to increase their preparedness because they fail to understand how cybersecurity risk impacts them. Organizations must at least appreciate how cyberattacks can impact their business before they can even begin to assess and mitigate risk, which then allows them to invest in appropriate response strategies.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.