Dick Bussiere, Principal Architect for Asia Pacific, Tenable Network Security
Global cybersecurity earned an overall score of 76 percent, which equates to an underwhelming grade of a 'C' average, according to the 2016 Global Cybersecurity Assurance Report Card.
Conducted by network security company Tenable Network Security, the aim of this inaugural research study is to measure how IT security professionals view their organisation's ability to assess cybersecurity risks, and to mitigate threats that can exploit those risks.
The survey tallied responses from six countries - United States (U.S.), United Kingdom (UK), Singapore, Germany, Australia, and Canada - across seven industry verticals (Education, Financial Services, Government, Healthcare, Manufacturing, Retail, and Telecom & Technology), polling 504 IT security professionals employed by large organisations (with over 1,000 employees) in August 2015.
According to the study, U.S. earned the highest Global Cybersecurity Assurance Report Card score among the polled countries. Although achieving a B- (80 percent) is nowhere near a perfect score, respondents from the U.S. clearly felt the most confident about their organisations' abilities to assess risk across the core infrastructure domains.
This finding came to be rather surprising, or ironic to say the least; considering that the nation has had cyber security attack news like data breaches topping the headlines for the past few years. Dick Bussiere, Tenable's Principal Architect for Asia Pacific, said that a lot of it has got to do with "disclosure laws".
"In the U.S., once you get breached, you have to disclose that your data has been compromised. The same law applies for other countries too, including the Western Europe. However, most countries in Asia Pacific do not have such laws in place. This means that even when such breaches take place in the region, they are all under the radar and not publicised," explained Bussiere.
On that note, Australia ranked the last place among the six countries, scoring a grade of D+ (69 percent). It scored the lowest for confidence in Risk Assessment and Security Assurance - this implies that Australian respondents were challenged in conveying confidence with every aspect of the survey.
Meanwhile, Singapore sits comfortably in the middle, ranking a joint fourth with Germany at 72 percent (C-). Singaporean respondents struggled to convey confidence across all aspects of the survey, never scoring higher than a C+ in any single area. In fact, all the security professionals scored Ds in the cloud segment. In other words, they were unconfident and unable to explain the risks tagged to cloud applications.
Education sector most vulnerable in terms of security
Out of the seven key verticals, the Financial Services and Telecom & Technology industries both earned the highest Cybersecurity Assurance Report Card score, at 79 percent and 77 percent respectively (both graded C+). Financial Services scored top marks in Risk Assessment, while Telecom & Technology took first place for Security Assurance.
Sign up for CIO Asia eNewsletters.