World’s Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk
This landmark study provides private- and public-sector leaders with evidence-based insights into the cybersecurity practices and investments that are most effective for mitigating risks.
ThoughtLab, a leading global research firm, today announced the findings of its 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World. The study analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.
Ground-breaking analysis reveals industry metrics and best-performing cybersecurity strategies
As part of ThoughtLab’s evidence-based research, its economists assessed the cybersecurity performance of corporate and government organizations against 26 metrics, including times to detect, respond to, and mitigate a cybersecurity breach, as well as the number of material breaches suffered. The benchmarking study revealed 10 best practices that can reduce the probability of a material breach and the time it takes to find and respond to those that happen:
Take cybersecurity maturity to the highest level
Ensure cybersecurity budgets are adequate
Build a rigorous risk-based approach
Make cybersecurity people centric
Secure the supply chain
Draw on latest technologies but avoid product proliferation
Prioritize protection of links between information and operating technologies
Harness intelligent automation
Improve security controls for expanded attack surfaces
Do more to measure performance.
A coalition of cybersecurity experts from leading companies, associations, and universities
The research program drew on the expertise of the Information Security Forum as well as a diverse group of cybersecurity leaders and experts from across the private sector, government, and academia.
ThoughtLab Press Release
Standard of Good Practice for Information Security
An internationally recognised set of good practice covering all aspects of cyber resilience, cloud security and information risk management.