Close Menu Tables or Figures
Table 1. Respondents Rate Organization’s Cybersecurity Policies
How would you rate your organization’s security policies, procedures,and technology safeguards in their ability to address the current threat landscape?
 2010 (N=285)2015 (N=303)
Excellent, capable of addressing almost all of today’s threats22%37%
Good, capable of addressing most of today’s threats56%54%
Fair, capable of addressing only some of today’s threats18%9%
Poor, capable of addressing few of today’s threats2%1%
Don’t know/no opinion2%0%
Table 2. Respondents Rate Organization’s Executive Management Team with Regard to Cybersecurity Initiatives
In your opinion, how would you rate your organization’s executive management team on its willingness to invest in and support cybersecurity initiatives?
 2010 (N=285)2015 (N=303)
Excellent, executive management is providing the optimal level of investment and support25%45%
Good, executive management is providing an adequate level of investment and support, but we could use more49%45%
Fair, executive management is providing some level of investment and support, but we could use much more21%9%
Poor, executive management is not providing the right level of investment and support and we could use much more2%1%
Don’t know/no opinion3%0%
Table 3. Incidence of Best Practices for IT Vendor Security Audits
Best Practice Step Percentage of Total Survey Population
Organization always audits the internal security processes of strategic infrastructure vendors.53%
Organization always audits the internal security processes of strategic infrastructure vendors  AND
organization uses a formal audit process for all vendor audits.
27%
Organization always audits the internal security processes of strategic infrastructure vendors  AND
organization uses a formal audit process for all vendor audits AND
organization employs formal metrics/scorecards where IT vendors must exceed a scoring threshold to qualify for IT purchasing approval.
14%
To the Top