Information Security Benchmark Study 2019

Publish date:

For the fourth time in a row, this year’s Information Security Benchmarking Study examines the current security level of leading medium-sized organizations and large corporations.

71% of the participating companies are of the opinion that Agile Security enables them to react more quickly to changing security requirements.

Based on Capgemini’s proven Information Security Framework, the security level of the participating companies is evaluated in four key areas: Strategy & Governance, Organization & People, Processes and Technology. In addition, the most important security risks for cBased on Capgemini’s proven Information Security Framework, the security level of the participating companies is evaluated in four key areas: Strategy & Governance, Organization & People, Processes and Technology. In addition, the most important security risks for companies and their financial expenditures for Information Security are examined in more detail. This year’s study focuses on the increasingly important topic of Agile Security. The results of the study enable participants to gain detailed insights into strengths and weaknesses and to identify opportunities and risks of their current Information Security at an early stage. In addition, participants have the opportunity to compare themselves specifically with their peer group as well as to draw a comparison with the entire field of participants.ompanies and their financial expenditures for Information Security are examined in more detail. This year’s study focuses on the increasingly important topic of Agile Security. The results of the study enable participants to gain detailed insights into strengths and weaknesses and to identify opportunities and risks of their current Information Security at an early stage. In addition, participants have the opportunity to compare themselves specifically with their peer group as well as to draw a comparison with the entire field of participants.

Results of the Information Security Benchmark Study 2019

Social engineering is currently the biggest cybersecurity risk

In this year’s study, 78% of participating companies believe that social engineering is currently the biggest cybersecurity risk. Shortly behind were malware/ ransomware (60%) and advanced persistent threats (44%). Moreover, for slightly more than half of the participants (52%) the establishment of a cyber risk culture is one of the most important security issues this year. In addition, managing known vulnerabilities (41%) and improving cloud security (41%) are the biggest trends among the companies surveyed. This supports the current relevance for the cloud and the associated security risks in organizations.

The share of the IT budget that is attributed to cybersecurity is only 7.2%

Despite a significant increase in the number of cyberattacks and the resulting costs for companies, the share of the IT budget allocated to cybersecurity is only 7.2% on average for all participants. Of this, 43% is spent on protecting IT systems such as access controls, data security or firewalls. What is surprising is that only 15% of cybersecurity budgets are spent on the „Response and Recovery“ category. This includes measures such as Business Continuity Management (BCM), crisis simulation and incident management, which are becoming increasingly relevant. Nevertheless, the overwhelming majority of participants are convinced that their own Information Security is in line with the company’s organizational requirements.

When considering the focus topic, the importance of Agile Security becomes clear. 71% of the participating companies are of the opinion that Agile Security enables them to react more quickly to changing security requirements. In addition, 63% believe that adapting the security approach to a more agile implementation can help integrate Cybersecurity into day-to-day business. Organizations should integrate Information Security into agile projects from the outset to be prepared for novel cyber attacks and threats. Thus, 63% of the participants find it relevant to form interdisciplinary teams and to integrate security and data protection into projects at an early stage.

If we have aroused your interest, we offer you the opportunity to complete the assessment after the study free of charge so that you can compare yourself with your peers and other participants.

Contact us

If you have any questions about the study, please feel free to contact our expert Dr. Paul Lokuciejewski.

Information Security Benchmarking...

Dateigröße: 1,67 MB File type: PDF

Infografik Information Security...

Dateigröße: 3,20 MB File type: JPEG image