A new survey has found that businesses without good enough cybersecurity risk company failure.
BitSight conducted the report, which evaluated how executives understand and measure their cybersecurity performance. It also looked into how that performance is communicated to the heads of the company and stakeholders.
The study, called ‘Better Security And Business Outcomes With Security Performance Management’, found that cybersecurity is now a critical part of any business. This comes after 38% of participants admitted that they have lost business due to a lack of both perceived and real security performance in their business.
“Financial success, brand perception, business continuity and company reputation now all hinge on security performance,” said Tom Turner, CEO, BitSight. “But in order to effectively manage performance, you have to measure it. We think this study should serve as a wakeup call for security leaders and their executives and boards to take a close look at their strategies for security performance measurement and reporting – after all, their businesses are now on the line.”
207 people were questioned in the survey. All of those asked were security decision makers who had responsibility for anything from risk to compliance. They also had communications with the top people in the companies.
Part of the research was to investigate the factors that prevent companies from becoming effective in security performance management (SPM), such as organisational misalignment or technological complexities.
A key finding of the report was that businesses are more driven when they have effective security performance. Over three-quarters of respondents agreed that a company would improve from having security measures in place and that this would be beneficial to both business continuity and reputation.
The report also discovered that 79% of the security decision makers asked say the demand from partners and customers for cybersecurity reporting has grown. However, they also suggested that these recipients receive the least detailed security reports.
Although almost two-thirds of respondents say they have introduced formal security performance metrics, it was also stated that the metrics often lack context and complete information. This can leave firms ignorant of any potential risks.
Just under half say their preferred metric is security ratings. It was added that, of those who use cybersecurity ratings, 43% feed results back to customers and partners whilst 63% pass them on to the board.