RSA's inaugural report on the "Cybersecurity Poverty Index" says a majority of large organizations see themselves as lacking in cyber maturity based on the National Institute of Standards and Technology's cybersecurity framework.
The company said Tuesday that in its survey of at least 400 security professionals around the world, 83 percent of large organizations and 75 percent of all respondents self-reported low maturity levels.
Respondents also reported protection as their most mature cybersecurity capability, while capabilities in detection and response fall behind others in terms of maturity.
“We need to change the way we think about security and that starts by acknowledging that prevention alone is a failed strategy and more attention needs to be spent on strategy based on detection and response,” said RSA President Amit Yoran.
As many as 45 percent indicated “nonexistent” or “ad hoc” practices to measure, evaluate and mitigate cyber risk, RSA added.
The company noted that cybersecurity maturity does not depend on the size of an organization, and that sector or industry and geographic location are likewise not established indicators.
Respondents from the telecommunications industry gave higher assessments of their maturity compared to the financial sector, while both the APJ and EMEA regions surpassed the Americas in reported maturity.