The majority of IT security experts actually struggle to measure the return on investment in security measures, Tenable Network Security says. Based on a survey of 250 IT security professionals, conducted during the Infosecurity Europe 2016 summit, it says that the majority can only measure the return on less than 25 percent of their security spend. What’s more, just 17 percent were confident their investments were being distributed properly.
“It’s undisputed that security is one of the top priorities for organizations across the globe”, says Gavin Millard, EMEA technical director, Tenable Network Security. “However, our research revealed that many organizations struggle to accurately measure the return on IT investment and have little confidence that the money is being used effectively. This lack of accountability creates a gap between the security team and the c-suite, leaving the organization vulnerable”.
“The security team needs to understand the business needs of the organization, define and map security requirements based on those needs, collect relevant metrics and measure their success”, says Millard. “This is one of the best ways to not only demonstrate the value of IT, but also ensure security across the entire IT environment”. Tenable also asked 33 security experts how they justify their security programs to business executives and the boardroom. Collected recommendations, as well as best practices, can be found in the “Using Security Metrics to Drive Action” e-book.