Trellix report gauges cyber readiness of German, British & French government agencies & critical infrastructure providers

705 Views

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released a global Cyber Readiness Report gauging technology adoption and perceptions of government cybersecurity leadership related to cybersecurity standards and the cooperation between the public and private sectors.

The Trellix report shows 87 percent of respondents from NATO countries of Germany, France and United Kingdom believe formalised, government-led initiatives can play an important role in improving their nations’ protection against cyber threats. Respondents from these countries see opportunities for improvement in their partnerships with government in areas such as cyber defence coordination, threat information sharing and software supply chain integrity.

The study, based on research conducted globally by Vanson Bourne, surveyed 900 cybersecurity professionals from organisations with 500 or more employees, including 200 respondents in the three European NATO countries of Germany, the United Kingdom and France.

“Global tensions and cyber-warfare incidents in Ukraine sharpen our focus on the cyber readiness of government and critical infrastructure,” said Bryan Palma, CEO of Trellix. “Our report assesses the progress of new technology implementation, like XDR. It also identifies areas of opportunity for stronger public-private partnerships, where increased coordination will keep us ahead of our adversaries.”

Cybersecurity technology adoption. Among German respondents, cloud cybersecurity modernisation appears to be furthest ahead in implementation. Forty percent claim to have fully implemented the advanced technology in this area, whereas only 27 percent appear to have fully implemented endpoint detection and response and extended detection and response (EDR-XDR) capabilities.

Among British respondents, 37 percent claimed to have fully implemented EDR-XDR and cloud cybersecurity modernisation, whereas multifactor authentication (MFA) and zero trust appear to be behind. Forty-seven percent of French respondents reported having fully deployed MFA, apparently placing the French furthest ahead in this area compared to their British and German peers.

Software supply chain risk. The majority (82 percent) of global respondents believe software supply chain risk management policies and processes are of either high or crucial importance to national security.

Seventy-six percent of U.K. respondents said these policies and processes as extremely or highly difficult to implement, and only 39 percent claim to have fully implemented such practices. Sixty-three percent of German respondents and 58 percent of French respondents identified these policies and processes as difficult to implement. Only 40 percent of the Germans and 36 percent of the French acknowledge fully implementing such measures.

The European respondents agree software security standards would improve across the entire software industry if their governments demanded higher software security standards within government implementations. But only 56 percent of German, 51 percent of U.K. and 48 percent of French respondents support government mandates demanding cybersecurity standards for the entire software industry.

Cyber skills challenges. While survey respondents identified a variety of barriers to implementation of advanced technologies, a cybersecurity talent shortage was revealed across the three countries. Forty-eight percent of German, 41 percent of British and 35 percent of French respondents acknowledged a lack of in-house cyber skills as a key challenge to their implementation efforts. Around a third of each group also identified a lack of implementation expertise as key barrier. These findings mirrored cybersecurity skills shortages in the U.S. and Asia Pacific.

Palma continued: “The cyber skills gap is well known; the report highlights the deficit is stifling the deployment of cybersecurity technology. Whatever innovation advantage the U.S. and its allies believe we have is irrelevant if we cannot implement the solutions.”

Public-private partnerships. Ninety-five percent of German and French respondents and 86 percent of British respondents believe there is room for improvement in the level of cybersecurity partnerships between their national governments and organisations.

Fifty-two percent of British, 46 percent of German and 35 percent of French respondents favoured a combination of incident notification and liability protection to facilitate sharing of cyber-attack data between impacted organisations, government partners and industry audiences. Forty-four percent of British and 41 percent of German and French respondents favoured tighter cooperation on cyber incident management while cyber-attacks and campaigns are in progress.

In terms of the types of data government should share to help organisations better protect themselves, nearly two thirds (60 percent) of British respondents would like to receive more data on cyber-attack campaigns in progress. Around half of German respondents said they would like to receive more information on different cybercrime and threat actor groups. Fifty-eight percent of French respondents say cybersecurity vulnerability data would be preferred above other data types.