A study of 2,100 organisations reveals a global divide in how organisations assess cyber risk, with less than half using strategic vulnerability assessments.
Only 48% of organisations polled use mature or moderately mature programs that include targeted and tailored scanning of computer resources based on business criticality as a foundational element of their cyber defence and risk reduction strategies, according to Tenable’s Cyber defender strategies report.
The report uses data science and real-world telemetry data to analyse how organisations are assessing their exposure to vulnerabilities to improve their cyber security posture.
Of those organisations using strategic vulnerability assessments, the study found that only 5% display the highest degree of maturity, with comprehensive asset coverage a cornerstone of their programs.
The “diligent” approach represents the highest level of maturity, achieving near-continuous visibility into where an asset is secure or exposed and to what extent through high assessment frequency.
On the other end of the spectrum, 33% of organisations take a “minimalist” approach to vulnerability assessments, doing the “bare…
