
A recent market survey of 338 IT and security professionals has revealed that adoption of the U.S. National Institute of Standard and Technology (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity has led to an increased confidence in the efficacy of security technology. When asked about their motivations for adopting the NIST framework, 70% of participants responded that they considered adoption to be a best practice. This was the most common rationale for adoption proffered by survey participants, with other motivations consisting of adoption being required by a business partner (29%), by federal contract (28%) or by another organization (20%).
These responses indicate that IT and security professionals are adopting the NIST framework for reasons beyond mere regulatory compliance or pursuant to a contractual obligation. The survey also spanned industry sectors ranging from banking, healthcare, education, retail and others, indicating that adoption of security frameworks is becoming the norm across all sectors. However, survey participants also expressed concern over the costs required to fully adopt the NIST framework. More than half of those that adopted the NIST framework stated that it would require a high level of investment to fully conform to all of the NIST framework’s requirements.
Nonetheless, once a company has adopted a security framework, it rarely abandons its use of the framework. Only 13% of survey participants stated that they foresee discontinuing the use of their cybersecurity frameworks in the coming year. This expected rate of retention is a signal that IT and security professionals around the country are increasingly confident in the efficacy of the cybersecurity protections provided by the NIST framework, which possibly justifies the high cost of full adoption. As a result, it is expected that more and more companies will begin to adopt the NIST framework to boost their cybersecurity protocols.
Reporter, Brett Schlossberg, Silicon Valley, + 1 650 422 6708, bschlossberg@kslaw.com.