Berkeley Research Group Releases Cybersecurity Preparedness Benchmarking Study

Despite a Strong Focus on Cybersecurity Culture, Many Organizations Do Not Believe Their Cybersecurity Programs Are Fully Effective

EMERYVILLE, CA--(Marketwired - September 08, 2016) - Berkeley Research Group released today its Cybersecurity Preparedness Benchmarking Study, detailing findings about cybersecurity practices from a survey of leading global organizations. The study focuses on six primary topics: Leadership, Information Governance, Risk Management, Essential Protection, Incident Response and Security Culture. BRG teamed with the Institute of Operational Risk to conduct the survey in the first two quarters of 2016.

Respondents provided views on the state of their organizations' cybersecurity preparedness, upcoming trends, and information on matters such as the role of the board, the executive and senior management and, where chief information security officers (CISO) exist, the degree of influence and reporting line within their organizational structure.

"Our findings highlight a number of shortcomings in current practices and opportunities for organizations to improve their cybersecurity programs," said Faisal Amin, BRG's Director of Strategic Benchmarking. "Strong cyber governance, supported through independent benchmarking, ensures organizations have a systematic and proactive approach to managing prevailing and emerging cyber threats. It also ensures that cyber risks are appropriately considered and managed at all levels within an organization.

"We are very pleased to work with BRG on such an important initiative. Every day, our members are managing operational risk, including cyber risk, within their respective risk management frameworks," said George Clark, Chair of IOR. "Uniquely, this study provides real-world insights on the relative strengths and weaknesses of organizations. We believe this greatly informs the debate on how to improve organizational readiness."

Key findings include:

  • Despite a strong focus on cybersecurity culture, many organizations do not believe their cybersecurity programs are fully effective.
  • Current employees are the likely cause behind most cybersecurity breaches.
  • Viruses and malicious software are the most common breaches.
  • Organizations mainly rely on cybersecurity assurances from external service providers and vendors. Most organizations do not have strategies for the emerging fields of the "Internet of Things" or "Big Data."
  • Organizations lack confidence in their cybersecurity incident response capability.
  • Organizations anticipate an increase in information security budgets.

BRG will present the study findings at international conferences and events beginning with the IOR London on 9 September. More information regarding the study and its findings can be found here:

Study Contacts:

BRG: Faisal Amin, Tony Moroney and Phil Rowley

IOR - George Clark and Alan Dunk

About Berkeley Research Group, LLC

Berkeley Research Group, LLC ( is a leading global strategic advisory and expert consulting firm that provides independent advice, data analytics, authoritative studies, expert testimony, investigations, transaction advisory, restructuring services, and regulatory and dispute consulting to Fortune 500 corporations, financial institutions, major law firms and regulatory bodies around the world. BRG experts and consultants combine intellectual rigor with practical, real-world experience and an in-depth understanding of industries and markets. Their expertise spans economics and finance, data analytics and statistics, and public policy in many of the major sectors of our economy, including retail, healthcare, banking, information technology, energy, construction and real estate. BRG is headquartered in Emeryville, California, with offices across the United States and in Asia, Australia, Canada, Latin America, the Middle East and the United Kingdom.

About the Institute of Operational Risk

The Institute of Operational Risk seeks to promote the development and discipline of Operational Risk. An objective is to foster and support investigations and research into the best means and methods of developing and applying the discipline. We do this through promoting knowledge, education and training and the exchange of information and ideas for the benefit of operational risk practitioners.

The Institute has existed since 2004 and is based in London with a number of international Chapters. Full details, including how to join, can be found at:

Contact Information:

Laura Miller