Evaluate Your Security Maturity
Take this quiz to assess your security operations program and see how well your organization is positioned to proactively defend against threats, increase risk awareness, shorten response times and remain resilient.
How often does your organization report on the state of your security program to the board?
Monthly
Quarterly
Ad-hoc
Optiv Security Maturity Quiz
1
2
3
4
5
6
7
8
Select One
Question 1 of 8
Regularly reporting on your security program ensures your organization stays aligned on current needs and future goals.
According to data from Optiv and Ponemon's 2024 Cybersecurity Threat and Risk Management Report, organizations report on the state of their cybersecurity risk management program to C-level executives and/or the board of directors:
No regular schedule
Only following a security incident
Annually
8%
15%
21%
26%
30%
Great
Rating:
Good
Regularly reporting on your security program ensures your organization stays aligned on current needs and future goals. Consider setting up a regular cadence to have these conversations.
Fair
How would you describe your security awareness training priorities?
Robust
We invest in hands-on training for security staff and conduct regular tabletop exercises for business leaders.
We provide security guidance after major incidents and send occasional phishing email tests.
Minimal
We meet compliance with an annual training module.
Question 2 of 8
Human error is still a driving force behind data breaches. Robust training across your organization can significantly reduce the risk of internal threats.
For an additional resource, check out Optiv’s cybersecurity training deck to help reinforce best practices with your employees.
average lowered cost of a data breach by organizations with high levels of employee training
Source: Cost of a Data Breach Report 2023
$1.5M
Cybersecurity training should be a year-round initiative. Check out Optiv’s cybersecurity training deck to help reinforce best practices with your employees.
Does your organization have a cyber insurance policy?
Yes
No
Question 3 of 8
As the cyber insurance market continues to shift, cyber insurance should remain part of your overall risk management approach. Many cyber insurance companies are looking for organizations with managed and co-managed security solutions in place as they assess rates for attainment and/or renewal cycles.
Optiv's cyber insurability services help make the cyber insurance process more predictable and provides resources and expertise to help strategically and effectively manage cyber risk.
According to data from Optiv and Ponemon's 2024 Cybersecurity Threat and Risk Management Report respondents say their organizations:
Have cybersecurity insurance — 29%
Plan to purchase cybersecurity insurance — 48%
Other — 23%
Cyber insurance, once a “nice to have,” is now a “must have” to operate a business and should be part of your overall risk management approach. Prioritize obtaining cyber insurance as soon as possible.
Find out how Optiv can help you navigate the complexities of cyber insurance.
Approximately how many security tools do you have in your tech stack?
0-30
31-60
60+
Question 4 of 8
Many organizations employ too many tools, making it easy to lose track of what unique value each tool provides, leading to overspending and complexity.
See how to jumpstart your journey to evaluating and optimizing your existing cybersecurity tool stack with Optiv’s technology consolidation and rationalization starter kit.
Organizations surveyed in Optiv and Ponemon's 2024 Cybersecurity Threat and Risk Management Report have an average of 54 separate cybersecurity technologies.
of respondents say their organizations have too many cybersecurity tools to be able to achieve a strong cybersecurity posture
40%
How confident are you that each of your security tools is proving its value?
Very confident
We don’t have any redundant tools or security gaps.
Somewhat confident
Some of our tools might not be worth what we are paying for them.
Not confident
We have more tools that we can effectively manage.
Question 5 of 8
Organizations that have done an in-depth analysis of their tech stack are much more likely to have more efficient technology utilization and lower costs.
Are there opportunities to increase coverage and lower costs even more? See what cybersecurity consolidation can do for you.
Source: Optiv and Ponemon's 2024 Cybersecurity Threat and Risk Management Report
of respondents rate these technologies as highly effective in mitigating cyber risks
51%
Want to know how your organization can enable better technology investments? With the right consolidation strategy, your organization can get more efficient technology utilization and lower costs.
Have a crowded technology environment? See what cybersecurity consolidation can do for you.
When was the last time your organization experienced a disruptive attack?
In the last 6 months
6-12 months ago
12+ months ago
Question 6 of 8
Organizations with managed security services or managed detection and response solutions experience fewer cyber incidents.
of surveyed MSS/MDR users have avoided any kind of disruptive attack over the past 12 months
52%
Source: Optiv’s 2023 Evaluation of Managed Security Services
Find out how managed security services can elevate your cybersecurity security program.
Find out how managed Security services can elevate your cybersecurity security program.
How is your organization embracing next-generation technology capabilities such as AI and SOAR?
Actively embracing
We are integrating next-gen capabilities across our organization.
Somewhat tentative
We are open to it, but unsure how to effectively fully embrace these capabilities.
Resistant
Due to internal expertise/bandwidth, we don’t plan on embracing these tech capabilities soon.
Question 7 of 8
AI-powered analytics and data engineering provide comprehensive insights into what’s happening in your environment. Leading security orchestration, automation and response (SOAR) technology reduces your time to respond and enables defined outcomes.
Organizations with extensive use of security AI and automation were
108 days
faster at identifying and containing a data breach than organizations with no use of security AI and automation
How concerned is your organization with these top SecOps challenges:
Not very concerned
We have the tools and talent we need to effectively run our SecOps program.
Somewhat concerned
We often deal with these challenges.
Very concerned
We are not equipped with the tools and talent we need to effectively face these challenges.
Hiring/retaining security talent The constantly expanding attack surface The increasing sophistication of threat actors
Question 8 of 8
As the attack surface and threat actors continue to evolve, ensuring that hiring and retaining top talent remains a budget priority is essential. Effectively budgeting for talent or outsourcing your security to an MSSP are two of the top considerations when dealing with these challenges.
Hiring/retaining security talent
The constantly expanding attack surface
The increasing sophistication of threat actors
58%
57%
Organizations rank their top three SecOps challenges as:
Without hiring and retaining the right security talent, your organization will face greater opposition with the expanding attack surface and sophisticated threat actors. Effectively budgeting for talent or outsourcing your security to an MSSP are two of the top considerations when dealing with these challenges.
Increasing your security maturity takes time and effort. We understand the challenges, and help organizations like yours evolve their security programs to ensure they are managing risk to secure business outcomes.
Analyze your on-going operations to determine your organization’s state, strengths, weaknesses and gaps, while looking through the lenses of people, processes and technologies. Opt for integration by replacing one-off solutions with technologies designed to integrate together and those that use strategic, operational and tactical intelligence from internal and external sources. Optimize detection and response capabilities continuously to reduce noise, attack surface and dwell time.
Low
Maturity Level:
Your recommendation:
Not bad! You are on the right track for building a proactive and mature SecOps program. We can help you fill in the gaps to enhance your security maturity.
Employ active defense strategies that use strategic, operational and tactical intelligence from internal and external sources. Make automation a priority by implementing SOAR and processes to continually measure the efficacy of people, processes, controls, KPIs and KRIs, tailored to the specific needs of the business. Stay future-ready by partnering with an end-to-end security solutions provider that allows you to continuously extend the capabilities of your people, processes and technologies.
Moderate
Love to see it! It looks like your SecOps program is well positioned to protect against threats and further your business goals. Our experts are always available to help you continue to enhance security maturity while increasing efficiencies and lowering costs.
Continue to be proactive by implementing integration across all security domains, people, processes and technologies to identify new and unforeseen threats. Make automation a priority by leveraging always-on and always-learning technologies that adapt to new threats and unlock future capabilities and insights. Leverage AI to help drive decision making. Increase resilience by applying comprehensive detection, response and platform management to reduce operational overhead and increase efficiency across overall framework.
High
Optiv MDR is an integrative detection and response platform backed by Optiv's proprietary data and detection engineering, SOAR and lightning-fast log analysis designed around your unique security stack to achieve your unique business goals.
Optiv MDR
Recommended Service:
Optiv provides both the MDR technology and service — from data ingestion, processing, storage, detection and response actions to expert advice and recommendations.
