How Ready Is Your Company?
Just how do organizations like yours fare against this year's security challenges?
From January to May 2016, we ran an online survey asking respondents to gauge their company’s security readiness according to different areas identified in our 2016 Trend Micro Security Predictions. We tallied their responses and assigned corresponding ratings that reflect how they currently fare against this year’s biggest security concerns.
Getting a good rating means that the organization is equipped against this year’s biggest security challenges. A pass rating means that the organization has ample security safeguards in place but still has room to improve in certain areas. A fail rating denotes that the organization does not meet the bare minimum security requirements needed to protect their assets and data. Any organization with a fail rating would benefit from updating their existing security strategy and investing in appropriate solutions.Based on the results of the Security Readiness Survey, only 18% of the respondents are adequately prepared, while 21% are missing crucial points of protection. Below, we tabulated the results according to industry and geographical region.
Security Preparedness per Industry
Click the tabs below to see how different industries fared for each security concern.
Comunication & Media
Most security-ready: the government sector
The government sector ranked highest among other industries in overall security preparedness. Up to 34% of the respondents from government organizations earned a good rating. This is due to the sector’s lower exposure to IoT and mobile risks as well as satisfactory data management practices.
Least security-ready: the communications and media sector
Up to 43% of the respondents in the communications and media sector failed in terms of security preparedness. Due to their normal conduct of business, companies in the communications and media sector were much more exposed to third parties. This working setup is unavoidable, since outsourcing talent and technology is often crucial in this industry. But by working with external groups whose systems and devices may not be secure, organizations open up new channels for threats to come in or create new gaps for data to seep out. This fact was reflected in their below-average answers to security questions related to online advertising, mobile device management, and data protection.
Least-prepared for IoT threats: the healthcare sector
Although it scored high in other areas, the healthcare industry is the least prepared for IoT-related security concerns. Only 36% of the respondents expressed that they were confident in their organization’s ability to cope with the issues brought about smart devices and other IoT-related threats. This could prove tricky for companies should the move toward IoT devices become requisite in enterprise environments. For now, we are not foreseeing any large-scale attacks, so the respondents across industries are still in the clear.
Security Preparedness per Region
Click the map below to see how different regions fared for each security concern.
- GOOD: 34%
- PASS: 34%
- FAIL: 34%
Security Preparedness in Asia
While these good marks in Asia are solely driven by the number of respondents who gave the proper security answers, it still indicates that of those who we asked, majority tend to go beyond rudimentary antivirus solutions and enforce strict backup policies.
Security Preparedness in Europe
The landmark update to the EU Commission’s Data Protection Directive requires companies that handle the data of European citizens to tighten data protection practices. Up to 74% of respondents gave altogether satisfactory to excellent answers to data security questions.
Security Preparedness in Latin America
Respondents in Latin America struggle to manage mobile devices in their networks. 21% of respondents gave answers that expose them to the risks of BYOD like mobile threats and data leaks, specifically the lack of mobile device management strategies.
Security Preparedness in Middle East and Africa
Online extortion schemes use social engineering and exploits as entry points, so unsatisfactory answers like over-reliance on antivirus and insufficient patching practices tend to increase a company’s risk. 27% of respondents are not ready for these kinds of online attacks.
Security Preparedness in North America
25% of respondents in North America gave below-average answers regarding their exposure to data breach attacks, the highest in this region compared to other security issues raised in the survey. Up to 60% keep information that could ruin organizations if leaked.
Security Preparedness in Oceania
A great majority of respondents in Oceania admitted to relying primarily on antivirus to defend against malware, online threats and cyber-attacks. This is a poor security approach that not only opens a company to risk of a data breach but to other threats as well.
The data presented above reflect the existing security strengths and weaknesses of different industries in different regions. Ratings were heavily influenced by the online respondents’ access to and use of technology, plus the security requirements imposed on them by their respective governments. Based on the trends, there is no one solution that would benefit all organizations. The key to an organization’s preparedness is tailoring a strategy that would best reinforce the areas they are strong at, fill in their deficiencies, and rectify practices that negatively impact their security posture.
NOTE: The 2016 Trend Micro Security Readiness Survey was designed to analyze the security readiness of different organizations based on our predicted security trends this year. The data used in this report was collected from February 18 to May 3, with a total of 278 respondents worldwide. The online survey is still live and can be taken here.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases