Examining security process maturity in 400 organizations
A new report by SecureTrust paints a bleak picture of the state of security process maturity across a broad range of sectors. The study rates the maturity of organizations on a scale of 0 to 5, with 3.5 being the minimum recommended score. However, every single industry in the report received a rating below 3.5.
The top-ranking industry was e-commerce, which received a rating of only 3.01. It was followed by Telecommunications (2.84) and Service Providers (2.75). The worst-rated industry was Hosting Providers, with an average score of only 2.14. When it came to specific control areas, all average scores were well below 3. The least problematic area was Data Protection (2.73), followed by Application Software Security (2.67) and Training (2.66).
Michael Petitti of SecureTrust said that the report’s findings “coincide closely with the continuous stream of breaches and privacy violations frequently in the headlines,” adding that “organizations in all industries [are] putting the cart before the horse by incorporating security technologies without first gaining a clear picture of the controls and policies needed to achieve process maturity goals.”