Skip to main content
Survey Report

The Cybersecurity Imperative – Benchmark your maturity

The cybersecurity imperative

November 5, 2018

Most global executives surveyed for The Cybersecurity Imperative, cite untrained employees as the greatest cyber risk, just one of many important findings.
Cyber Risk Management

On October 16, Willis Towers Watson announced the release of a comprehensive study about organizations’ cybersecurity performance conducted by leading research firm, ESI ThoughtLab, together with a cross-industry coalition of organizations, including WSJ Pro Cybersecurity.

About the study

For the study, ESI Thought Lab surveyed C-Suite, including Chief Information Security Officers, of 1,300 organizations with revenues ranging from under $1 billion to over $50 billion, across multiple industries spanning APAC, Europe, US/Canada and Latin America. This first-of-its-kind evidence-based research project offers companies the strategic insights and benchmark data needed to ensure that their cybersecurity systems are fit for today’s demanding digital marketplace. The research used elements of the cybersecurity framework recommended by the National Institute of Standards and Technology (NIST), as well as those under the International Standards Organization (ISO), to allow respondents to provide answers regardless of which framework they use. Based on scores relating to progress on the NIST, ESI ThoughtLab segmented companies into three stages of cybersecurity maturity: Beginners, Intermediates and Leaders. This study offers tremendous value as executives rated their company’s progress across the NIST framework (identify, protect, detect, respond, recover) and based on the rankings, composite scores were calculated by industry, region and other data cuts.

Some highlights from the study include the following:

  • The majority of executives (87%) around the world cite untrained staff as the greatest cyber risk to their business
  • Cybersecurity beginners are more concerned about external threats (42%) such as threats from partners, vendors, and suppliers
  • As companies become more advanced in cybersecurity, they increase their investment in cybersecurity resilience, with cybersecurity beginners spending 14% of their cyber budget and cyber leaders spending 18% on recovery
  • Organizations whose cybersecurity practices do not keep pace with their digital transformation initiatives are more likely to experience US $1 million or more in losses from a cyberattack
  • 80 percent of companies have at least a small amount of cybersecurity insurance, with healthcare companies averaging one of the highest amounts ($16.4 million) and manufacturing averaging one of the lowest ($8.6 million)

For an interactive look through the findings, download The Cybersecurity Imperative e-book.

For a more in-depth narrative, view The Cybersecurity Imperative whitepaper.

We can help

Willis Towers Watson helps organizations identify and analyze their cyber risks, exposures and vulnerabilities by measuring their current cyber resilience against the NIST or ISO frameworks. Our Cyber Risk Profile Diagnostic provides a customized, enterprise-level perspective into an organization’s cybersecurity strengths and weaknesses and makes recommendations on how to better prioritize mitigation strategy.

Request a demo of our Cyber Risk Profile Diagnostic to see how your current cybersecurity posture stacks up against NIST or ISO standards and your peers.

Related content tags, list of links Survey Report Cyber Risk Management
Contact Us