Secureworks Launches First Cybersecurity Maturity Model Based on an Organization’s Inherent Risk

ATLANTA, Ga. — September 13, 2018Secureworks® (NASDAQ: SCWX), a leading provider of intelligence-driven information security solutions, today released the Secureworks Security Maturity Model, a pragmatic methodology that organizations of all sizes can use to evaluate their level of cybersecurity maturity relative to inherent risk.

Secureworks is releasing the model in response to its research which shows that more than one-third of US organizations (37%) face security risks that exceed their overall security maturity. Within that group, 10% face a significant deficiency when it comes to protecting themselves from the threats in their environment.

To increase global awareness of the gaps between cybersecurity maturity and risk, Secureworks is offering a complimentary evaluation that organizations can take to benchmark their maturity using Secureworks' methodology. Cybersecurity leaders who complete a simple online tool with the support of a Secureworks security expert will receive a report that scores the organization's capabilities and behaviors across five essential cybersecurity domains. The report also assigns a current security maturity tier and compares the organization's results to peer benchmarks. Intuitive charts and graphs throughout the report can be used to identify a desired future state of maturity, prioritize next steps in the journey and support more confident discussions about cybersecurity risk management with the board.

"Business executives tell us they're looking for ways to determine whether their cybersecurity capabilities and investment are in line with their business risk profile," says Hadi Hosn, Consulting Practice Leader, Secureworks. "Our recent study suggests that misalignment between security activities and actual risk is common enough to warrant a more pragmatic model that can help organizations both identify those gaps and adjust their security maturity goals accordingly."

Secureworks' Security Maturity Model is a holistic, risk-driven approach that incorporates elements of well-known frameworks like National Institute of Standards and Technology (NIST) and ISO 27001/02 with insight from Secureworks' global threat intelligence, analysis of more than 1,000 incident response engagements annually and observed best practices across 4,300 clients. Organizations who evaluate their maturity against this methodology are scored in the cybersecurity domains of: security organization and governance, security operations, cloud security, incident management and threat intelligence.

"Most frameworks come up short in helping you define the right journey to cybersecurity maturity because they don't account for inherent risk to begin with," says Hosn. "Instead of relying on checklists, the Secureworks Security Maturity Model blends the best of industry best practice frameworks with our proprietary knowledge and experience to help organizations invest precious resources more wisely."

Key Findings: Secureworks Security Leadership Study, 2018

Secureworks' proprietary security maturity evaluation methodology considers which security capabilities a company currently has in place as well as organizational behavior. In Secureworks' 2018 Security Leadership study, guarded companies, the least mature, were lacking the same processes that are commonly shared by resilient organizations, the most secure 7 percent of the respondents. The most divergent practices between resilient and guarded organizations include:

  • Aligning and prioritizing vulnerability assessments based on business goals (56% for resilient organizations vs. 2% for guarded, the least mature group)
  • Conducting real-time automated security analysis of business partners (36% vs. 2%)
  • Employing customized endpoint protection based on user profiles (84% vs. 3%)
  • Including both technical and business teams in Incidence Response tabletop sessions (92% vs. 45%)
  • Working with IR partners under retainer agreements (56% vs. 18%)
  • Integrating threat indicators, with enhancements, into security and workflow controls (80% vs. 6%)

About Secureworks

Secureworks® (NASDAQ: SCWX) is a leading global cybersecurity company that keeps organizations safe in a digitally connected world. We combine visibility from thousands of clients, artificial intelligence and automation from our industry-leading Secureworks Counter Threat Platform™, and actionable insights from our team of elite researchers and analysts to create a powerful network effect that provides increasingly strong protection for our clients. By aggregating and analyzing data from any source, anywhere, we prevent security breaches, detect malicious activity in real time, respond rapidly, and predict emerging threats. We offer our clients a cyber-defense that is Collectively Smarter. Exponentially Safer. ™

Special Note Regarding Forward-Looking Statements

Statements in this press release concerning Secureworks' plans and objectives relating to its capabilities and solutions are forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934 and Section 27A of the Securities Act of 1933 and are based on Secureworks' current expectations. Because forward-looking statements inherently involve risks and uncertainties, actual future results may differ materially from those expressed or implied by such forward-looking statements. These risks and uncertainties include, but are not limited to, competitive uncertainties and general economic and business conditions in Secureworks' markets as well as the other risks and uncertainties that are described in Secureworks' periodic reports and other filings with the Securities and Exchange Commission, which are available for review through the Securities and Exchange Commission's website at Secureworks undertakes no obligation to update any statements in this press release for changes that happen after the date of this release.

Media contact:
Doreen Kelly Ruyak
[email protected]


See for yourself: Request your demo to see how Taegis can reduce risk, optimize existing security investments, and fill talent gaps.