An annual cyber security maturity self-assessment completed by 878 individuals in 24 industries (The RSA Cybersecurity Poverty Index™ 2016) revealed that companies generally lack the ability to catalogue, assess and mitigate cyber risks, with 45% reporting that the capability to do so is either ad hoc or non-existent.
The survey also shows that almost 75% of companies have a significant exposure to cyber risks.
The survey found that 71% of respondents had inadequate processes for identifying assets that support critical business functions. Identifying these assets is critical to assessing risks accurately, and to governing and prioritising security efforts.
The above statistics demonstrate that companies are not able to effectively measure, assess and mitigate their cyber risks, “making it virtually impossible to prioritise security investment and measures”.
The importance of a risk assessment
At the centre of any mature cyber risk programme should be a comprehensive, well-planned and well-executed cyber security risk assessment, designed to identify the relevant assets or risks and to enable the business to prioritise the different security measures necessary.
The risk assessment should be seen as a foundational activity for any company looking to improve its security and risk posture.
Reputable risk assessment software presents an effective way for companies to conduct a productive risk assessment.
With vsRisk™, you get all of the following:
- A library of typical ‘at-risk’ information assets.
- A set of threats and vulnerabilities, assigned to each asset group.
- A full set of mitigating controls, taken from ISO 27001:2013 and applied to each set of risks.
- A comprehensive suite of customisable policies and procedures, applied to each risk, that can be used as evidence of controls implemented.