DOE Cyber Conference Attendees are Confident about their Awareness of Threats to their Organizations

Silver Spring, MD – May 6, 2015 – e-Management releases results of a new CyberRx survey of attendees at the 2015 Department of Energy (DOE) Cybersecurity Training Conference, which was held April 21 – 23, 2015 at the Sheraton Kansas City Hotel at Crown Center. The DOE Chief Information Officer (CIO) and the Associate CIO for Cybersecurity hosted the training forum for federal staff and contractors. Approximately 25% of the conference’s 300+ attendees voluntarily participated in the survey. About half (51%) of the respondents to the CyberRx questionnaire were government staff. Ten percent represented large businesses. More than a third (36%) of those surveyed were small business professionals. The final three percent were unaffiliated organizations. Conference participants were generally optimistic about their cybersecurity awareness. A complete summary of the survey will be available May 12, 2015.

“This CyberRx survey offered insight into conference attendees’ awareness and understanding of their organizations’ cybersecurity readiness,” says e-Management Founder & CEO Ola Sage. “We got a glimpse into how familiar DOE cyber and IT professionals were with the new National Institute of Standards and Technology (NIST) Cybersecurity Framework, the DOE Cybersecurity Capability Maturity Model (C2M2), and organizations focused on information sharing and analyses of cyber threats.”

Large business attendees were the most confident in asserting they understood where their companies were “most vulnerable for a cybersecurity breach.” More than seven in 10 (71%) of those respondents said they had “strong” or “very strong” knowledge of where their businesses were weak. Government professionals were almost as assertive, with 69% saying they knew where their agency was most vulnerable to cyber-attacks. Only half (50%) of the unaffiliated reps claimed they had “strong” knowledge of their vulnerabilities. Small businesses, on the other hand, were far less likely to claim full understanding of the threats they faced from hackers. Only two out of five (40%) small business respondents said they fully grasped their most vulnerable areas.

When it came to what to do after suffering a cyber-attack, large businesses were certain they knew “what steps are needed to address a cybersecurity breach.” Everyone (100%) in this group of respondents said their knowledge of what was required was “strong” or “very strong.” Government respondents were also pretty self-assured, with three-quarters (75%) suggesting they had mitigation plans in place to address breaches. Small business attendees, on the other hand, were far less convinced of what was necessary following attacks, with roughly half (52%) having plans in place to address breaches. Half (50%) of the unaffiliated respondents said they had “some” process in place to address cyber-attacks.

The cost of a data breach can be significant for organizations regardless of size, mission, or customer base. Government respondents were the most certain when it came to understanding potential costs of cyber-attacks to their organizations. Half (50%) of the government participants surveyed said they knew the cost if their agency were to suffer a cybersecurity breach. In contrast, large business respondents were somewhat less confident about the cost of a breach when compared to government respondents. Fewer than a third (29%) said they knew the cost of the breach. Still, most of the respondents (43%) from large businesses said they were “unsure” of the cost of a breach. Small businesses were even more in the dark when compared to government and large business reps. Two out of five (40%) small businesses admitted they were unsure or had no idea of the cost of cyber-attacks. Roughly a quarter (24%) said they had a “strong” or “very strong” understanding of the cost of breaches. Unaffiliated respondents said they had only “some” idea of the cost of a data breach.

Government and large business representatives were well informed about the new NIST Cybersecurity Framework. Four of five (81%) government professionals surveyed said they had a “strong” or “very strong” understanding of the framework. The majority of large business respondents (57%) were “familiar” or “very familiar” with the NIST framework. Small businesses, on the other hand, were less knowledgeable as a whole, with a little more than a third (36%) saying they were informed or well informed about the NIST Framework. None of the unaffiliated respondents had “strong” or “very strong” knowledge about the framework.

