CYE Releases its Cybersecurity Maturity Report Indicating Clear Inefficiencies in Security Investment Due to Wrong Strategy and Risk Approach

TEL AVIV, Israel - March 28, 2023 - CYE, the leading cybersecurity optimization platform, announced today the release of its inaugural Cybersecurity Maturity Report, a comprehensive industry data analysis, based on two years worth of data, collected from hundreds of organizations, in 15 countries, spanning 11 industries and a range of company sizes. It highlights areas where improvements have been made, as well as areas where more attention may be needed. Additionally, the report sheds light on the most common cyber vulnerabilities present in today's threat landscape, and provides a detailed picture of the maturity scores of organizations across different industries worldwide, indicating that despite record spending on cybersecurity, maturity levels remain relatively low.

The report also presents a solid case that many organizations are getting their security strategy completely wrong. Building an effective security program requires understanding an organization's unique situation, attaching the findings to business assets, and understanding the implications of specific actions. It is critical to take a business-centric approach to cybersecurity and ensure that security investments align with business objectives to achieve the desired outcomes.

“In today's rapidly evolving security landscape, organizations are investing heavily in security tools to safeguard their assets. However, despite this increased investment, we continue to see low efficiency and an increase in risk,” said Reuven Aronashvili, founder and CEO at CYE. “This is largely due to a wrong approach towards security. The security market needs to change its approach and move away from maturity program-based approaches and towards a business impact-driven strategy. By measuring the effectiveness of security solutions and their overall contribution to organizational risk, businesses can ensure they are making informed decisions about their security posture. It's time for the security industry to shift its focus towards business impact, and prioritize risk reduction and efficiency above all else.”

“CYE’s cybersecurity maturity report should serve as a wake up call,” said Ira Winkler, Field CISO at CYE. “The main takeaway from this research is that organizations can achieve great impact on the risk posture even without a huge cybersecurity budget, if they plan and spend it right.”

Some report highlights include:

• On a country level, Norway scored highest on overall cyber maturity level, followed by  Japan. This can largely be attributed to early cybersecurity adoption in these countries and unified planning by governments and organizations, as well as advanced regulatory systems, despite not having the larger cyber budgets of countries such as the US, UK and Germany which scored significantly lower.
• Among sectors, energy and finance industries scored high on cybersecurity maturity, while healthcare, retail, and government scored low. Despite high scores, the financial sector remains at risk due to cyberattacks, prompting companies to implement measures to avoid financial loss and comply with regulations. Retail scored low due to focus on "second line of defense" monitoring and response, rather than "first line of defense" detection and protection.
• Surprisingly, the tech industry scored average in overall cyber maturity. This could be explained by the large attack surface of tech companies, and the higher risk appetite that tech companies have compared to other sectors. Also, tech companies tend to be early adopters of new technologies that are still maturing and are therefore especially vulnerable to attacks and exploits. Tech companies tend to grow much faster than in other sectors, and maintaining high cyber hygiene while making that transition is challenging.
  

“We are excited to release our findings that put into clear focus the very real need for organizations to shift their approach to cybersecurity which is critical in this era of increasingly prevalent and sophisticated cyberattacks,” said Nimrod Partush, VP Data Science at CYE. “CYE’s industry-leading data scientists and security researchers have worked hard to collect and analyze this data and glean meaningful insights that will hopefully enable organizations to learn from our recommendations and best practices on how to achieve a better cyber posture.”

The report includes insights obtained from hundreds of organizations over two years.  Assessments were conducted across seven security domains, including Application Security; Policies, Procedures, & Governance; Identity Management; Network Security; Monitoring & IR; Sensitive Data Management and Endpoint Security and

To download the full report, please click here.

About CYE

CYE’s cybersecurity optimization platform enables businesses to visualize, quantify, and mitigate cyber risk so they can make better security decisions and invest in effective remediation. CYE combines technology with red team activity to deliver the most comprehensive organizational security assessments and contextual risk analysis and insights.

Media Contact

Rachel Glaser
GK for CYE
[email protected]

SOURCE CYE