I recently summarized Tenable’s inaugural Global Cybersecurity Assurance Report Card in the blog, Grading Cybersecurity Around the Globe, pointing out some of the more interesting aspects. Now let’s take a closer look at some of the industry verticals and take a deeper dive into how they ranked against each other. Remember, the report took the responses from over five hundred security professionals and asked them to grade their organizations’ ability to assess cyber security risks and to mitigate threats that can exploit those risks. For industry verticals the grades ranged from a somewhat acceptable B- to a barely passing grade of D.
The head of the class
It is really no surprise to see financial services and telecom sitting at the head of the class, both scoring an 81% overall or a B-
It is really no surprise to see financial services and telecom sitting at the head of the class, both scoring an 81% overall or a B-. These industries have real money at risk and so it makes sense to see them with the highest scores. What is a little surprising is that they did not score an A. Financial services and telecom still have a lot of room for improvement. Both financial services and telecom received a D+ for assessing cloud applications; focusing on cloud security may offer the best possibility for overall improvement.
Middle of the road
In the middle of the pack are retail, manufacturing and healthcare in that order. With the recent high profile mega breaches hitting the retail sector, you would think that retail would score a bit higher. Healthcare has also not been immune to the mega breaches in recent history, and yet they only scored an overall 73% or a solid C. These three sectors all had problems with assessing mobile devices for risks; improvement in this area would really help their overall score.
Bottom of the heap
At the back of the class is government and education
And at the back of the class is government and education. First, just a note to point out that government in this report doesn’t necessarily mean US federal government; this is a global report and therefore government could be from any country or even include state or local governments. That said, considering how much governments have been trying to keep bad guys out, it is surprising to see them with an unacceptable and disappointing D.
Education has been the target of online criminals for years, going after not just PII (personally identifiable information) but research intellectual property as well. However, it could be that education’s reliance on mobile devices and a highly transient student population may be a factor in the sector’s low grades, especially considering that education scored an F on detecting and assessing transient mobile devices.
Resources
I encourage you to download the 2016 Global Cybersecurity Assurance Report Card report and infographic to examine the data in more detail. Or you can watch an on-demand webinar about the report findings for the US and Canada, EMEA, or APAC.
Next year when we repeat this research, you will be able to start looking at trends within your own industry vertical, which will make for some very interesting reading.