In a survey from the Columbia, Md.-based Tenable Network Security, the financial services industry tied for the top cybersecurity assurance score, however all industries surveyed said they struggle to assess cyber-risks associated with mobile devices.
Overall, information security practitioners gave global cybersecurity readiness an underwhelming "C" average and an overall score of 76%. Survey respondents also identified the cloud, mobile devices and board member involvement as common security weak points.
Tenable's "Global Cybersecurity Assurance Report Card," which assigned grades to organizations globally, by country and by industry, surveyed more than 500 IT security professionals worldwide to discover how well organizations assess and mitigate cyberthreats.
Financial services tied with telecom and technology for the top cybersecurity assurance score (B-, 81%). Other industries, including retail (C+, 77 %), manufacturing (C, 76%), health care (C, 73%), government (D, 66%) and education (D, 64%) did not fare as well.
Financial services also earned the top score for risk assessment assurance, while telecom and technology took first place for security assurance.
Respondents consistently cited cloud applications (D+) and cloud infrastructure (D) as two of the three most challenging IT components for assessing cybersecurity risks. According to the survey, the most challenging IT component for assessing security risks is cloud infrastructure – no other area across all 16 areas examined in the survey gave respondents more trouble.
Mobile devices (D) are also particularly challenging for assessing risks; part of the problem is clearly detecting transient mobile devices in the first place (C), the survey said.
When asked about the biggest challenges they face today, practitioners named an overwhelming threat environment, while reporting relative confidence in the effectiveness of cybersecurity products.
"What this tells me is that while security innovations solve specific new challenges, practitioners are struggling to effectively deploy an overarching security strategy without gaps between defenses," Ron Gula, CEO for Tenable Network Security, said.
On the upside, respondents largely believe they have the tools in place to measure overall security effectiveness (B-) and to convey security risks to executives and board members. On the downside, respondents said they question whether their executives and board members fully understand those security risks (C+) and are investing enough to mitigate them (C).
It's no surprise that many in the profession feel overwhelmed by the increasingly complex threat environment, Gula admitted.
"Another concern is the uphill battle security professionals face in mobilizing their organizations' leadership to prioritize security," he said. "There's a disconnect between the CISO and the boardroom that must be bridged before real progress can be made."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
