In the US, power and industrial companies were the most confident, with 86 percent of companies from these sectors rating their firms as either above average, or top-tier in terms of their preparedness. The US financial firms were the least confident, with only 60 percent rating their firms as either above average or top-tier.
Telecommunications companies fell somewhere in the middle, with 72 percent of respondents ranking themselves above average or top-tier.
It may be premature to break out the champagne.
Maxine Holt, a research director on the team conducting the survey says:
“IT leaders have greater funding than ever to protect organizations from the continuously evolving threat landscape and meet complex compliance demands.These same IT leaders are undoubtedly keen to believe that the money being spent provides their organization with a better security posture than any other – but the rapid pace of investment, often in point solutions, rarely takes an organization-wide view of security.”
In short, the increase in confidence might be illusory. The risk is that if too much is read into these numbers, it may lead to overconfidence, which could lead to an under-investment in security in subsequent years. This can ultimately set these companies (or at least some of them) up for failure and disappointment when their expensive security measures prove not to be nearly as effective as they initially believed.
Even if you didn’t participate in the recent survey, it bears asking the question: How would you rate your company’s ability to fend off an attack, relative to your competition?