Thycotic’s 2018 RSA Conference Survey Uncovers Contradictory Expectations Surrounding Security Practices

Today we released the findings from our survey conducted at RSA Conference 2018. The survey, which included responses by more than 250 cybersecurity professionals, revealed that security professionals are exhibiting double standards surrounding incidents and breach reporting.

According to the survey, 84 percent of respondents wanted to be notified immediately if a company they worked with had experienced a breach. Yet, only 37 percent of these same cybersecurity professionals would notify customers right away if their organization was breached. 

Just as disturbing was that many cybersecurity professionals would not go on record to admit that their organization had been breached. Only 32 percent of security experts admitted that their companies had been a victim of a cyberattack in the past 12 months. However, many respondents indicated, “I wouldn’t tell you even if we had experienced an incident or breach.” In addition, nearly one out of six respondents admitted they had experienced a data breach and kept it a secret from the public or unsuspecting victims, which could be the result of pressure from executives or board members since these incidents could have a major negative impact on the business. 

“The message we are getting from security professionals’ responses is that if a company they do business with has experienced a data breach, they want to be notified as soon as possible. But they appear reluctant to reciprocate when an incident occurs in their own organization,” said Joseph Carson, chief security scientist at Thycotic. “When it comes to breaches, transparency is key and preparing an incident response plan can help companies be ready so that they can minimize the damage that such a serious event can cause to not only their company but to that of their customers.”

While the findings around double standards on breach and incident reporting were concerning, we also found that progress, while uneven, was being made when it came to incident response planning.

Additional survey findings include:

- 56 percent of security experts confirmed they have an Incident Response plan in place and tested
- 20 percent have prepared a contact list and communications to manage an incident
- 12 percent have conducted “Red Team” training with their executives
- 10 percent have got a public relations team prepped to manage incident communications, and legal team advisors ready

“In an age when experiencing a data breach seems almost inevitable, a solid incident response and recovery plan can reduce data breach costs significantly as well as avoiding a devastating negative impact on brand and customer loyalty,” added Carson. “While these results show some progress is being made in this area, there is a lot more that can be done.”

Download the report here!

About Thycotic
Thycotic’s award-winning Privileged Account Management solutions minimize privileged credential risk, limit user privileges and control applications on endpoints and servers. Thycotic is one of the world’s fastest growing IT security companies because we provide customers with the freedom to choose cloud or on premise software solutions that are the easiest to implement and use in the industry. Thycotic solutions are the highest rated PAM tools by your Gartner peers, and trusted by over 10,000 users worldwide including 25% of Forbes Top 50 Companies, and 20% of the Fortune 500.
