Executive Briefings

Many Execs Convinced Their Companies Are Secure Despite Limited Visibility, Study Says

Nearly 60 percent of 350 C-level executives surveyed believe they can "truthfully assure the board beyond a reasonable doubt" that their organization is secure, a surprising show of confidence in an environment where many reports reveal a high incidence of network breaches in up to 97 percent of all companies.

That's among the findings of a study by RedSeal, a cybersecurity analytics company, which found a major reason for the disconnect: Less than a third of all respondents, 32 percent, claim they have full visibility into their global network.

In perhaps the most striking finding, a staggering 86 percent acknowledge gaps in their ability to see and understand what's really happening inside the network. At the same time, 79 percent admit that it’s impossible to effectively secure what can't be seen and understood. When asked if they "know for a fact that their network is currently under attack by hackers," 29 percent said yes. That leaves open the question of what the remaining 71 percent actually know regarding current threats.

“It’s remarkable how many executives say their networks are secure—until we drill down into the issue, and it becomes obvious not only that there are vulnerabilities, but also that many organizations have no idea where those weak spots are,” said Ray Rothrock, chairman and CEO of RedSeal. “This is exactly why corporations get breached so often even though they’ve invested in excellent security products. Security is a strategic, top-level issue, and it needs to be treated as such by the entire organization. The network is the business.”

The study also reveals a lack of understanding about what strategic security actually entails. Almost half the executives assert that security is strategic to their businesses, yet 72 percent say that security products (anti-virus, firewalls, monitoring, etc.) are necessary but not strategic to their business. Meanwhile, fully 84 percent agree that intra-company siloes (separate groups for security and networking operations) and inter-product siloes (disparate products, technologies, reporting) create wide gaps that prevent a truly secure environment. Those are the very concerns that could be overcome with a more strategic approach.

More than 350 C-level executives were surveyed. All are at organizations with 250 or more employees, and at least 20 percent lead companies with more than 1,000 employees. The responses offer a clear view into corporate America’s thinking regarding cybersecurity concerns and the different approaches enterprises take to the issue.

Source: RedSeal
