The report identified several areas for continued improvement in planning and preparedness, especially seeing as only 75% improved during the coronavirus pandemic – even then only slightly. While that is progress, it isn’t the progress the industry needs to shore up defenses. Investing in security, in the long run, is often ultimately more cost effective than paying the recent exorbitant ransoms.”
The issues I would call out would include asset management; if you don’t know what you have or where it is, you’re not going to do well. It’s the first step in the NIST framework, and to know that seventy-three percent of our customers are failing to meet that, it’s not a good start.
And because of what happened last year, NIST added supply chain risk management about three years ago, and we’ve been doing supply chain risk management assessment for a while. So eleven of our seventy-eight customers achieved a score of three-point-zero out of five, meaning that they’re actually beginning to do that. It’s kind of like a “C” grade. And only eleven of the seventy-eight achieved that; everyone else got a D or an F.