A study conducted by EMC‘s security division RSA has found 75 percent of 878 respondent organizations across more than 24 industries worldwide believe they face a “significant” risk of exposure to cyber threats.
RSA said Tuesday its second annual Cybersecurity Poverty Index study offered participants from 81 countries an opportunity to self-assess the maturity of their cybersecurity programs against a framework developed by the National Institute of Standards and Technology.
Government and energy were the lowest-ranked industries studied in the survey as only 18 percent of respondents cited their cyber maturity as “developed” or “advantaged.”
Many organizations surveyed still struggle in finding ways to increase security of their systems due to a lack of knowledge of how cyber risks can affect their operations, according to RSA.
“We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response,” said RSA President Amit Yoran.
“Organizations need to set their agendas early, build comprehensive strategies and not wait for a breach to force them into action.”
Forty-five percent of survey participants said their capacity to catalog, assess and mitigate cyber risks are “non-existent” or “ad hoc” and 24 percent consider their threat mitigation systems as “mature.”
The percentage of respondents that reported possession of “advantaged capabilities” to manage cyber risks increased to 7.4 percent from 4.9 percent in the prior year’s index.
Aerospace and defense was the survey’s highest-ranking industry in maturity as 39 percent of respondents from the A&D sectors described their systems as developed or advantaged.
According to RSA, the percentage of financial services organizations that said they were prepared for cyberattacks decreased from 33 percent in 2015 to 26 percent this year.
The self-assessed maturity levels of organizations in the Americas fell behind the ratings of Europe, Middle East and Africa-based organizations as well as those in the Asia-Pacific region, the company noted.