return to news
News

World’s Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk

ThoughtLab
Published 10 - May - 2022
riskemerging threatstechnologysupply chainpeople

This landmark study provides private- and public-sector leaders with evidence-based insights into the cybersecurity practices and investments that are most effective for mitigating risks.

ThoughtLab, a leading global research firm, today announced the findings of its 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World. The study analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.

Ground-breaking analysis reveals industry metrics and best-performing cybersecurity strategies

As part of ThoughtLab’s evidence-based research, its economists assessed the cybersecurity performance of corporate and government organizations against 26 metrics, including times to detect, respond to, and mitigate a cybersecurity breach, as well as the number of material breaches suffered. The benchmarking study revealed 10 best practices that can reduce the probability of a material breach and the time it takes to find and respond to those that happen:

  1. Take cybersecurity maturity to the highest level
  2. Ensure cybersecurity budgets are adequate
  3. Build a rigorous risk-based approach
  4. Make cybersecurity people centric
  5. Secure the supply chain
  6. Draw on latest technologies but avoid product proliferation
  7. Prioritize protection of links between information and operating technologies
  8. Harness intelligent automation
  9. Improve security controls for expanded attack surfaces
  10. Do more to measure performance.

A coalition of cybersecurity experts from leading companies, associations, and universities

The research program drew on the expertise of the Information Security Forum as well as a diverse group of cybersecurity leaders and experts from across the private sector, government, and academia.