When it comes to cyber security, 45 per cent organisations admit to their inability to measure, assess and mitigate risk, describing their capabilities in this area as "non-existent", a survey today said.
According to a survey by RSA, the security division of EMC, size of a company is not a determinant of strong cyber security maturity and nearly 75 per cent of all respondents lack the maturity to address cyber security risks.
"...The greatest weakness of the organisations surveyed is the ability to measure, assess and mitigate cyber security risk with 45 per cent of those surveyed describing their capabilities in this area as 'non-existent' or 'ad hoc' and only 21 per cent reporting that they are mature in this domain," the cyber security poverty index said.
The index compiled survey results from more than 400 security professionals across 61 countries.
As per the index, lack of overall maturity is not surprising as many organisations surveyed, reported security incidents that resulted in loss or damage to their operations over the past 12 months.
RSA said counter to expectations, the research indicates that the size of an organisation is not an indicator of maturity.
"In fact, 83 per cent of organisations surveyed with more than 10,000+ employees rated their capabilities as less than 'developed' in overall maturity," it added.
"This research demonstrates that enterprises continue to pour vast amount of money into next generation firewalls, anti-virus and advanced malware protection in hope of stopping advanced threats. Despite investment in these areas, however, even the biggest organisations still feel unprepared for the threats they are facing," RSA President Amit Yoran said.