Tenable report says 55% of organisations lack confidence in cyber risk analysis

A recent study, commissioned by Tenable and conducted by Forrester Consulting, has highlighted the cybersecurity investments organisations plan to make in the next 12 to 24 months. The data is drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work,’ a commissioned study of more than 1,300 security leaders, business executives and remote employees, including 168 respondents in the U.K.

When asked about their cyber risk assessment capabilities, 61% of security leaders and business executives said their organisations were, at best, average. The study also found that 55% of organisations said they lack confidence in their ability to accurately analyse and measure their cyber risk, preventing them making better business and technology decisions due to a lack of technologies, processes, and/or data.

However, many said that they planned to make investments over the next 12 to 24 months to support their workforce strategy:

·         75% said they plan to increase their Network Security spend;

·         84% said they plan to invest in cloud infrastructure and platforms;

·         77% plan cloud-based collaboration tools and software investments;

·         66% plan to spend more on vulnerability management.

And it’s not just technology as, over the next 12 to 24 months, 100% said their organisation plans to add more security personnel.

“Organisations have adapted working practices dramatically in recent months, embracing a remote workforce model that has seen business-critical functions migrate to the cloud,“ explains David Cummins, VP of EMEA at Tenable. “Security had to take a backseat to functionality. However, with these changes now being adopted permanently, organisations must look to secure their new normal. While planned investment over the coming years is reassuring, it’s imperative security teams look for the right solutions. With a disparate workforce, it’s important to invest in adaptive user and data risk profiles that can disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud.”



Related posts

Scroll to Top