Global Cybersecurity 2017
Assurance Report Card

Download the Report Key Takeaways Methodology Additional Resources

Executive Summary

In 2016, Tenable Network Security introduced its groundbreaking Global Cybersecurity Assurance Report Card to measure the attitudes and perception of 504 enterprise IT security practitioners across the globe. The report quantifies how security professionals rate their enterprise’s ability to both assess cybersecurity risks and mitigate threats. These scores were combined to produce a report card score on global cybersecurity status — whether or not the world’s cyber defenses are meeting expectations.

Reduced Confidence in Global Cyber Readiness

The 2017 Tenable Network Security Global Cybersecurity Assurance Report Card updates the 2016 findings. Tenable surveyed 700 security practitioners, assigning indices and grades based by country and industry. The data reflects an overall decline in perceptions of global cyber readiness, fueled by a pronounced inability to assess and mitigate cyber risks across the evolving IT landscape.

Collectively, participants scored just 61% on the Risk Assessment Index, a drop of 12% from 2016, and 79% on the Security Assurance Index, which remains unchanged. The average overall score, 70%, represents a six percent decline from last year.

Download the Full Report

Key Takeaways

70%

Global Cybersecurity Assurance Report Card

The average overall score, 70%, represents a six percent decline from last year.

61%

Global Risk Assessment Index

This metric represents the organization’s ability to assess cybersecurity risks across 11 key components of enterprise IT infrastructure. Collectively, participants scored just 61% on the Risk Assessment Index, a drop of 12% from 2016.

79%

Global Security Assurance Index

This figure, which is unchanged from last year, represents the organization’s ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment.

Key Security Weakness: Emerging Technologies

Respondents ranked Risk Assessment for cloud and mobile among the biggest current enterprise security weaknesses worldwide. A notable concern includes failing grades in Risk Assessment scores for containerization platforms (52%), DevOps environments (57%) and mobile devices (57%).

This can be explained, in part, by the accelerated adoption of cloud and mobile computing, combined with the emergence of DevOps and containers that increase the complexity and decentralization of enterprise IT. Together, these advances make it more difficult for security teams to see everything on their networks and accurately assess cyber risks.

Overwhelming Threat Environment Remains Top Challenge

These challenges are further complicated by the constantly evolving and expanding threat landscape – the number one challenge for security pros for the second consecutive year. This heightened technological complexity creates even more opportunity for attackers to exploit gaps in security coverage, leaving all organizations vulnerable to compromise and breach, regardless of the size of their security investments.

As data from the 2017 Tenable Network Security Global Cybersecurity Assurance Report Card show, it has become more critical than ever for global businesses and government organizations to not understand the threats aligned against them, but to also have realistic methods to assess their own cybersecurity strengths and weaknesses.

By Country

A comparison of 2017 and 2016 results for Risk Assessment, Security Assurance and Overall Scores, broken out by country. Key takeaways show India, which was not surveyed in 2016, debuting in 2017 with the highest overall score at 84% (B), while last year’s leader, the United States, fell two points to second place, with a score of 78% (C+). Germany reported a 10 point drop to 62% (D-), while Japan, another new 2017 addition, reported confidence levels of 48% (F), the lowest of all nine countries surveyed.

  Global India USA Canada France Australia UK Singapore Germany Japan
Risk Assessment 61% 73% 70% 67% 67% 64% 59% 68% 44% 43%
Security Assurance 79% 96% 85% 83% 80% 78% 73% 60% 79% 52%
Overall Score 70% 84% 78% 75% 74% 71% 66% 64% 62% 48%
Overall Grade C- B C+ C C C- D D D- F
2016 Grade C n/a B- C+ n/a D+ C C- C- n/a

By Industry

Participant scores broken out by country, comparing 2017 and 2016 results. Notably, six of the seven industries surveyed reported lower scores in 2017. Telecom and Financial Services, last year’s top scorers, showed the largest drops in confidence in 2017, while Retail confidence levels lost just one point, assuming first place with a score of 76 (C).

  Retail Financial Services Manufacturing Telecom Health Care Education Government
Risk Assessment 66% 59% 59% 60% 54% 64% 59%
Security Assurance 86% 85% 86% 81% 76% 63% 67%
Overall Score 76% 72% 72% 70% 65% 64% 63%
Overall Grade C C- C- C- D D D
2016 Grade C+ B- C B- C D D

Methodology

In partnership with Tenable Network Security, CyberEdge Group developed a 12-question web-based survey instrument. The survey was promoted to information security professionals across nine countries and three geographic regions: United States and Canada (North America), United Kingdom, Germany and France (Europe), and Australia, Singapore, Japan and India (Asia Pacific). The survey was translated for non-English-speaking target audiences.

The online survey was conducted in October 2016. Each respondent met two demographic requirements: (1) employed at an organization with 1,000+ employees globally and (2) held an IT security position (i.e., not an IT generalist). Respondents who failed to meet either of these criteria were exited from the survey.

Sample Sizes

Respondents were derived from 19 industries and nine countries. Each country and industry referenced in this report included a minimum of 25 responses. Responses from industries with fewer than 25 responses were reported in the aggregate, globally and by country.

Analysis

Scores were calculated by adding the percentages of the two most-favorable responses of associated questions. Risk Assessment Scores are associated with 11 IT components depicted in question 6 (see Appendix 3). Security Assurance Scores are associated with questions 7-12.

Survey Demographics

Countries

Newly added this year were participants from France, Japan and India. Of the 700 total respondents, 43% were based in North America (U.S. & Canada), 32% in Europe (U.K., Germany and France), and 25% in Asia Pacific (Australia, Singapore, Japan and India).

IT Security Roles

Of the 700 respondents, three-quarters (combined 75%) held manager, director, or executive leadership roles.

Organization Size

Of the 700 respondents, more than one-third (combined 35%) were employed by organizations with 10,000 or more employees worldwide.

Industries

Although responses from 19 industries were collected, the top seven industries account for 62% of the responses.

More Resources

Related materials to learn more about the 2017 Global Cybersecurity Assurance Report Card results, industry challenges and solutions
Press Release:
Global Cybersecurity Confidence Falls to 70 Percent With a C Overall Grade for 2017
Infographic:
How Confident Are You in the Effectiveness of Your Security?
Blog:
Global Cybersecurity Confidence Declines
Forrester Report:
The Total Economic Impact of Tenable SecurityCenter CV