Revenue rich, security poor: Bitglass investigate the Fortune 500
October 2, 2019
For the last 65 years, the Fortune 500 has listed the largest US companies as measured by gross income. But how well do these corporate giants perform when it comes to cyber security?
Cloud security specialist Bitglass has conducted research to find out whether the USA's top businesses are up to scratch when it comes to their cyber security strategies.
In its Cloudfathers Fortune 500 Cybersecurity Report, Bitglass analysed the content on each company’s website. The aim was to understand their cyber security awareness and positioning. They also searched the companies’ websites for key words such as "data protection" and "data privacy".
One thing they looked for was a cyber security statement. At the least, a security statement demonstrates an acknowledgment of the omnipresent threat of cyber attacks. At best, it could indicate an organised strategy is in place.
However, beyond a legally required mention of privacy, 52% of companies failed to express their cyber security positioning with such a statement. That means that 261 Fortune 500 companies do not articulate their policy in the face of ever growing cyber threats.
Bitglass also identified which industries were least security-conscious: construction; oil and gas; and hospitality. Only 25% of companies within these fields have information on their website about how they will protect partner and customer data.
In contrast, aerospace (89%), finance (72%) and technology (66%) are the industries most likely to demonstrate their understanding of data protection and their commitment to cyber security.
Regardless of the industry, any large business deals with data on a day-to-day basis. Bitglass reveal that the extent to which corporations are equipped to protect customer information and prepare for a data breach varies considerably.
The absence of a mission statement around cyber security could suggest that the company neglect cyber security, leaving them vulnerable. An attack would prove detrimental to such a business, impacting them financially, legally and operationally and damaging their reputation.
The conclusion is simple. In today’s data-driven climate, companies should regard privacy as a priority, as highly as they regard profit.
Chloe May is a technology journalist with a focus on cyber security and threat intelligence. Her articles have been published in several leading publications. She also enjoys writing creative poetry and prose.
Try as we might, there’s never been a policy written that effectively accounted for all possible future scenarios. That’s why teaching company rules alone doesn’t provide adequate security training. We …
Jackie Brinkerhoff, Senior Director Product Marketing at SailPoint outlines nine identity governance myths we must put to rest Technology has exposed us to both more opportunities and more dangers than …