How do you think your cybersecurity investments and performance would hold up if they were graded? Do you think your company is doing an above average job in this area? According to a new study from Thycotic, chances are actually pretty good you’re going to receive a failing grade. In its first annual 2017 State […]
How do you think your cybersecurity investments and performance would hold up if they were graded? Do you think your company is doing an above average job in this area?
According to a new study from Thycotic, chances are actually pretty good you’re going to receive a failing grade. In its first annual 2017 State of Cybersecurity Metrics Report, 58 percent of respondents scored an “F” or “D” grade when evaluating their efforts to measure their cybersecurity investments and performance against best practices.
Think about that for a moment. How much money are you putting into your security investments – and then you find out they might not be operating as well as you expect? As the report pointed out, spending on cybersecurity defenses is more than $100 billion a year, but the problem is that too many organizations are spending that money blindly. Thycotic attributed this, in part, to a failure in planning. According to the study:
As Joseph Carson, chief security scientist at Thycotic, said in a formal statement:
It’s really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices.
An area the report noted as a particular concern is privileged user accounts. The purpose of privileged users is to protect certain data and provide network access to those who require access, but, as the report pointed out, if the access credentials are compromised, anyone can move around freely and without detection. Yet, the report found that 60 percent of organizations are failing to adequately protect privileged accounts. Carson said to me in an email comment:
Privileged accounts are one of the most sensitive accounts with an organization and sometimes referred to as “The Keys to the Kingdom.” They are the keys that unlock access to move around companies’ networks, systems and access to confidential and sensitive data. Unfortunately, many IT users lack a full understanding of how privileged accounts function, as well as the risks associated with their compromise and misuse. That makes them and their organizations much more vulnerable to potential monetary and reputational damage from increasing threats.
I wonder how often this happens in other areas across the network and data. If you want a passing grade on your cybersecurity performance, can you also get a passing grade in truly understanding your cybersecurity needs?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
