To uncover just how well organizations across the globe are able to assess and mitigate cyber risk, Tenable surveyed 504 IT security professionals employed by organizations with 1,000+ employees in August 2015. The survey was promoted to information security professionals across six countries and three geographic regions—United States and Canada (North America), United Kingdom and Germany (Europe), and Australia and Singapore (Asia Pacific).

Sample Sizes

Respondents were derived from 19 industries and six countries. Each country and industry referenced in this report included a minimum of 25 responses. Responses from industries with fewer than 25 responses were reported in the aggregate, globally and by country.


Each score was derived by adding together the percentages of the two most-favorable responses of associated questions. Risk Assessment Scores are associated with ten IT components depicted in question 5. Security Assurance Scores are associated with questions 4, 5, 7, 8, 9, and 10.

Survey Demographics


Of the 504 respondents, 60% were based in North America (U.S. & Canada), 25% in Europe (U.K. & Germany), and 15% in Asia Pacific (Australia & Singapore).

IT Security Roles

Of the 504 respondents, two-thirds (combined 67%) held manager, director, or executive leadership roles.

Organization Size

Of the 504 respondents, more than one-third (combined 38%) were employed by organizations with 10,000 or more employees worldwide.


Although responses from 19 industries were collected, the top seven industries account for 73% of the responses.