A survey made during the Infosecurity Europe 2016 exhibition at London Olympia by Tenable Network Security, Inc., an IT security product company, found that the majority of IT security people can only measure the return on less than 25 percent of their security spend.
Gavin Millard, EMEA technical director, Tenable Network Security, said: “It’s undisputed that security is one of the top priorities for organisations across the globe. However, our research revealed that many organizations struggle to accurately measure the return on IT investment and have little confidence that the money is being used effectively. This lack of accountability creates a gap between the security team and the c-suite, leaving the organization vulnerable.”
Survey data of 250 IT security people showed just 17 percent of respondents felt confident that the money being spent on security was being invested properly.
“The security team needs to understand the business needs of the organization, define and map security requirements based on those needs, collect relevant metrics and measure their success,” said Millard. “This is one of the best ways to not only demonstrate the value of IT, but also ensure security across the entire IT environment.
Tenable recently asked 33 cyber security figures how they communicate security programme effectiveness to business executives and the board. To read more about the collected recommendations and best practices, see the Using Security Metrics to Drive Action ebook.
For more information about how Tenable enables Chief Information Security Officers (CISOs) and other security professionals to effectively and easily communicate security metrics to the decision-makers and business leaders within their organization, download a Communicating Security Program Effectiveness white paper. Visit tenable.com/solutions/security-assurance.
