Infosec pros have little confidence in UK’s cybersecurity readiness

Tenable Network Security asked information security practitioners from the UK about confidence in their respective organizations’ abilities to assess risk, invest in appropriate tools and successfully respond to cyber threats, scoring 73% overall—an underachieving “C.”

Mobile device security is the Achilles heel in the UK: the country’s security professionals gave a failing grade to their ability to assess cyber risks related to mobile devices (rated “F” in UK, and “D” globally). The inability to even detect transient mobile devices in the first place (rated “D”) was another big challenge for the UK’s security practitioners, who scored themselves lower than the global average.

While most global respondents believe they have the tools in place to measure overall security effectiveness, scoring “B-,” this view isn’t mirrored in the UK, where survey respondents assigned a “C+.”

Cloud vulnerability management and risk assessment is another key concern for Brits, with the ability to assess risks in cloud infrastrucuture (IaaS) and cloud services (SaaS) earning a “D” and “D+” respectively.

“What this tells me is that UK security pros have a fairly realistic idea of where they stand when it comes to overall cyber readiness, and they believe there is a lot of room to improve,” said Gavin Millard, EMEA technical director, Tenable Network Security. “Cloud and mobile continue to disrupt enterprise IT, but what the survey shows, alongside an alarming lack of ability to detect and remediate threats associated with these non-traditional attack surfaces, is that security has to evolve in order to keep up with the rate of innovation. Organizations need next-generation solutions that can definitively answer the question ‘How secure are we?’”

According to the survey results, the biggest non-technical challenge facing UK information security professionals is an overwhelming threat environment, followed closely by a lack of qualified workers.

“Attackers are breaching the world’s cyber defenses seemingly at will, and organizations of all kinds are feeling the strain,” said Millard. “As we move into 2016, hopefully all parties will continue to come together to assess cyber security risks, build robust defences and mitigate attacks.”