Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Finds 89 Percent of UK Infosec Professionals Fail to Connect Cyber Success with Strategic Business Objectives

August 29, 2016

Columbia, MD

Twelve percent of survey respondents at Infosecurity Europe 2016 said they do nothing to measure and communicate security assurance within their organisations

A survey conducted by Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, has found that a large majority of responding security professionals fail to measure and communicate security assurance within their organisations, and are therefore unable to connect a successful cyber security program to achieving strategic business objectives for board members and senior executives.

Survey data from 250 IT security professionals collected during Infosecurity Europe 2016 revealed that 89 percent of respondents fail to use security metrics to prove the value of cyber security to the organisation.

“Organisations are allocating extensive budgets and resources to cyber security defences at present, but protecting customer data is just one of many returns that this investment can deliver,” said Gavin Millard, EMEA technical director, Tenable Network Security. “Security teams need to collect, but more importantly share, SMART (Specific, Measureable, Actionable, Relevant, and Timely) security metrics, to guide the organisation’s decision-making process and drive actions. Businesses invest in what they understand, clear and concise data on the security posture is a “must do” to ensure the security budget is available to protect organisations sufficiently.”

Thirty-one percent of security professionals surveyed said they do some measurement of security assurance, but admitted to sharing metrics only within the IT department. More than 12 percent of respondents confessed to not using any security metrics at all.

“Security professionals are delivering great results for their organisations day in and day out,” said Millard. “Every malware infection identified and eradicated, every policy violation corrected, every critical patch deployed in a timely manner, all demonstrate how effective the teams are, yet business leaders are not being informed. Security pros surely get their fair share of blame when things go wrong, so it’s to their advantage to also communicate success and improvements about their organisation’s security posture to the C-Suite.”

For those interested in doing more to communicate organisational security status and demonstrate the strategic business value of cyber security, Millard suggested starting with four fundamental operational metrics.

  1. Compliance: The percentage of in-scope systems with less than 70 percent adherence to requirements

  2. Visibility: The percentage of critical assets scanned at least every seven days for weaknesses

  3. Remediation: The percentage of internet-facing assets that get major vulnerabilities patched in less than seven days

  4. Prevention: The percentage of systems with up to date anti-virus technology

Tenable recently asked security experts how they communicate security program effectiveness to business executives and the board. To read more about the collected recommendations and best practices, check out the Using Security Metrics to Drive Action ebook.

For more information about how Tenable enables Chief Information Security Officers (CISOs) and other security professionals to effectively and easily communicate security metrics to the decision-makers and business leaders within their organization, download the Measuring Security Assurance: Turn Technical Data into Metrics Executives Can Understand white paper.

To find out more about how comprehensive solutions from Tenable give organizations the continuous visibility and critical context needed to protect their networks, visit tenable.com/solutions/security-assurance.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:

Dulcie McLerie
Smile on Fridays
[email protected]
+44 203 696 5822

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.