According to a new independent study by BitSight, 2 in 5 enterprises have lost business due to overall cybersecurity performance. The new study highlights the importance of effective security performance management in delivering enterprise success.
BitSight, a company focused on security ratings released their new study assessing how executives understand and measure cybersecurity performance and effectively communicate this area to the wider business. The commissioned study performed by Forrester Consulting on behalf of BitSight referred to as ‘Better Security and Business Outcomes With Security Performance Management’ suggests that cybersecurity performance is vital in delivering commercial success. Within the study, one particular finding highlights that just under 40% of enterprises believe they have lost business due to a lack of security performance within their business.
Tom Turner, the CEO of BitSight explains that overall success, brand perception and company reputation are all affected directly by security performance. Turner emphasise that in order to manage performance, you need to be capable of measuring it. Turner believes this study highlights the importance of security and the need for businesses to take a closer look at their own security strategies and its influence on performance management.
The survey delivered to over 200 security decision-makers explored the challenges and technological issues that generally hinder many businesses from implementing effective security performance management strategies. Other report findings include:
-Effective security performance management generates more business wins and enhanced security outcomes. Over 75% of survey respondents stated that an improvement to security performance management would have a significant impact on overall financial performance. The majority of the respondents also agreed that further measurement would enhance company business continuity and company reputation. Furthermore, businesses have created structured security performance metrics and more likely to successfully control their security, more likely to generate security policies and perform security training programs. Investment decisions and overall strategies are more likely to be trusted by a senior member, meaning security leaders are likely to see a continued increase year on year in the security budget.
– The study suggests that commercial success could be affected by steps in effectively measuring security performance and communicating this to other stakeholders. Nearly 80% of security professionals said that the demand for cybersecurity performance has risen, but decision-makers highlight that customers still receive relatively poor accuracy reports.
The survey indicates that metrics are vital to understand and improve overall communication concerning security performance. Over 60% of the respondents have implemented security performance measures, but 4 of the 5 stated their metrics lack detail and present an informed representation of overall performance.