Report: Education Ranks Second-Last in Global Cybersecurity Assurance Report Card

• By Leila Meyer
• 12/05/16

Education received an overall score of 64 percent on the 2017 Global Cybersecurity Assurance Report Card, which ranked seven industries according to their risk assessment and security assurance. Only government scored lower, with an overall score of 63 percent.

The annual report created by Tenable Network Security in partnership with CyberEdge Group, measures the attitudes and perceptions of IT security professionals, rather than measuring the actual effectiveness of their security systems. The report card measures two different categories of cybersecurity – risk assessment and security assurance – and averages both to rate overall cybersecurity assurance.

The risk assessment index measured 11 key IT infrastructure components. According to the report, containerization platforms, DevOps environments and mobile devices had the lowest risk assessment scores, with 52 percent, 57 percent and 57 percent respectively. Meanwhile, Web applications had the biggest score drop, from 80 percent in 2016 to 62 percent in 2017. Overall, the 2017 risk assessment score dropped 12 percent from 73 percent in 2016 to 61 percent in 2017. "The marked decline in global confidence levels indicates that security professionals may be experiencing a drop in morale as a result of near-daily data breach headlines, compounded by fatigue as a result of the uphill battle to keep pace with emerging technologies and proliferating threats," stated the report.

The security assurance index measured six components of "an organization's ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment." Three of the index components were new for this year, including viewing network risks continuously, aggregate risk intelligence, and aligning security with business. The other three index components included measuring security effectiveness, conveying risks to executives and the board, and executive and board-level commitment. Each of those three components indicated minimal change compared to the previous year, and the overall 2017 security assurance index was unchanged from 2016 at 79 percent.

Other key findings from the report:

• The average risk assessment score for the education industry was 64 percent;
• The average security assurance score for education was 63 percent;
• The three highest-scoring components of the education industry were assessing the network perimeter, assessing physical servers in the datacenter and measuring security effectiveness; and
• The lowest-scoring components of the education industry were assessing cloud environments, conveying risks to executives and board members, and executive and board-level commitment, all of which received a grade of F.

The full report and accompanying infographic are available as free, downloadable PDFs from Tenable Network Security's site.