New study reveals where organizations both hit and miss the mark across industries
Bitsight, a leader in managing and monitoring cyber risk, announced the results of a joint study with Google analyzing how organizations perform across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework—a minimum security baseline for enterprise-ready products and services.
Cybersecurity Control Insights: An Analysis of Organizational Performance found that while every industry in 2023 has a high pass rate for 10 of the 16 MVSP controls studied, many organizations are still failing on controls critical to protecting themselves against cyber incidents. The findings indicate that organizations across all industries have several areas in which they must improve their vulnerability management program to reduce exposure to potential breaches. Notably, 2023 Computer Software industry Fail rates for Dependency Patching and Time to Fix Vulnerabilities—which map to Bitsight analytics correlating to the likelihood of a breach—did not improve from 2020 rates as much as the macro average, leaving other industries vulnerable to third-party risk given their reliance on computer software.
“These findings shed light on critical areas where organizations across all industries, including the computer software industry, are struggling to meet even minimum cybersecurity standards. We also see areas that are strengths and where organizations are improving,” said Stephen Boyer, Co-founder and CTO, Bitsight. “By identifying gaps, strengths, and improvements, we hope to empower organizations and business leaders with knowledge to take action in enhancing their strategies, effectively benchmark performance, and learn from successful peers to strengthen their overall cybersecurity posture.”
The joint report found that eight MVSP controls—including Self-assessment, Dependency Patching, Vulnerability Prevention and Time to Fix Vulnerabilities—have either high 2023 Fail rates, low Pass rates, or both across all industries. This research comes at a time when it’s more important than ever for organizations to properly assess their cybersecurity performance. Business leaders around the world need to understand where their companies’ vulnerabilities lie and how they match up with others to better manage increasingly complex cyber risks and stakeholder demands. By understanding the pass and fail rates of MVSP controls, organizations will be better armed with the knowledge to benchmark their security performance and improve their cybersecurity strategies to mitigate and reduce vulnerability.
“It is more important than ever for business leaders to be fully aware of the organization’s application security risk, and how they are performing compared to their peers,” said Chris John Riley, Staff Security Engineer, Google. “If organizations want to build and maintain a mature security posture in today’s turbulent and fast moving environment, they need leaders that prioritize security management and a culture of constant improvement. Using frameworks like the MVSP, organizations can take the initial necessary steps to develop a strong security culture within their organizations.”