A survey conducted during Infosecurity Europe 2016 by Tenable Network Security has found that the majority of IT security professionals can only measure the return on less than 25 percent of their security spend. “It’s undisputed that security is one of the top priorities for organizations across the globe,” said Gavin Millard, EMEA technical director, Tenable Network Security. “However, our research revealed that many organizations struggle to accurately measure the return on IT investment and have little confidence that the money is being used effectively. This lack of accountability creates a gap between the security team and the c-suite, leaving the organization vulnerable.”
Survey data of 250 IT security professionals showed just 17 percent of respondents felt confident that the money being spent on security was being invested properly.
“The security team needs to understand the business needs of the organization, define and map security requirements based on those needs, collect relevant metrics and measure their success,” said Millard. “This is one of the best ways to not only demonstrate the value of IT, but also ensure security across the entire IT environment.
Tenable recently asked 33 security experts how they communicate security program effectiveness to business executives and the board. To read more about the collected recommendations and best practices, check out the Using Security Metrics to Drive Action ebook.
