Cybersecurity Perceptions Versus Reality

Research reveals disconnect between perception and reality of organizational cybersecurity maturity

In this new cybersecurity research report, Cybersecurity Perceptions Versus Reality, GoSecure surveyed IT security professionals to assess their perceptions and practices towards different aspects of their organization’s security posture and compared those results from our penetration testing experience. The results reveal disconnects and important information gaps in cybersecurity that need to be tackled.


Excerpts from the report:

  • Password Policies: 74.8% of organizations answered that passwords need to be a mix of letters, numbers, and special characters. And yet, in 55% of pentests, weak passwords are the vulnerability used as the root cause of a successful breach.
  • Patch Management: 90% of organizations believed that patch management is important or very important for the security of their systems. However, over 52% of respondents are saying it takes weeks, or longer, to apply patches.
  • Asset Inventory: 77.1% of organizations said that they kept a complete inventory of their assets, yet our penetration testers continue to leverage forgotten and unmaintained servers to enter a company’s network.

Key takeaways:

  • Security measures found with a disconnect between perception and practice
  • Insights and experiences from GoSecure’s penetration testing team
  • Actionable recommendations on how to secure the most common attack vectors

In the end, this report shows how organizations can overcome information gaps and biases by building their security practices around the most common attack vectors.