| How would you rate your organization’s security policies, procedures,and technology safeguards in their ability to address the current threat landscape? | ||
|---|---|---|
| 2010 (N=285) | 2015 (N=303) | |
| Excellent, capable of addressing almost all of today’s threats | 22% | 37% |
| Good, capable of addressing most of today’s threats | 56% | 54% |
| Fair, capable of addressing only some of today’s threats | 18% | 9% |
| Poor, capable of addressing few of today’s threats | 2% | 1% |
| Don’t know/no opinion | 2% | 0% |
| In your opinion, how would you rate your organization’s executive management team on its willingness to invest in and support cybersecurity initiatives? | ||
|---|---|---|
| 2010 (N=285) | 2015 (N=303) | |
| Excellent, executive management is providing the optimal level of investment and support | 25% | 45% |
| Good, executive management is providing an adequate level of investment and support, but we could use more | 49% | 45% |
| Fair, executive management is providing some level of investment and support, but we could use much more | 21% | 9% |
| Poor, executive management is not providing the right level of investment and support and we could use much more | 2% | 1% |
| Don’t know/no opinion | 3% | 0% |
| Best Practice Step | Percentage of Total Survey Population |
|---|---|
| Organization always audits the internal security processes of strategic infrastructure vendors. | 53% |
| Organization always audits the internal security processes of strategic infrastructure vendors AND organization uses a formal audit process for all vendor audits. | 27% |
| Organization always audits the internal security processes of strategic infrastructure vendors AND organization uses a formal audit process for all vendor audits AND organization employs formal metrics/scorecards where IT vendors must exceed a scoring threshold to qualify for IT purchasing approval. | 14% |