We recently surveyed 2,000 security executives at large, global enterprises and found that about one in three focused, targeted breach attempts succeeded.
Still, 75 percent of respondents were “confident” they were doing the right things with their security strategies, and a similar number said security is “completely embedded” in their cultures, with support from the highest-level executives.
Clearly, there’s a disconnect.
Surviving in this increasingly risky environment requires a cybersecurity “re-boot” to embrace an end-to-end approach that recognizes a spectrum of threats, minimizes exposure and identifies high-priority assets. This takes a few fundamental steps.
Are you confident that you have identified all priority business data assets and their location?
Are you able to defend your business from a motivated adversary?
Do you have the tools and techniques to react and respond to a targeted attack?
Do you know what the adversary is really after?
How often does your organization “practice” its plan to get better at responses?
How do these attacks affect your business?
Do you have the right alignment, structure, team members, and other resources to execute on your mission?
We believe security organizations need to improve the alignment of their strategies with business imperatives. While many organizations are making progress in compliance and risk management, security programs must continue to improve detection and prevention of more advanced attack scenarios.
Ultimately, security is everyone’s job.
While cybersecurity has gained full attention on company agendas, many chief information security officers (CISOs) still feel locked out of the C-suite. This isn’t necessarily a conscious snub; it’s more of a question of the security organization’s maturity level.
To succeed, CISOs have to step beyond their comfort zones and materially engage with enterprise leadership. Doing so will require them to speak the language of business to make the case that the security team is a critical pillar in the battle to protect enterprise value.
At the same time, the CISO needs to build the board’s cyber literacy with the goal of making it an equal priority to business risk assessment.
Effective cybersecurity requires organizations to achieve greater maturity regarding the main role of the security organization: protect the business from devastating losses.
By grasping the bottom-line impact of a breach, organization leadership will be motivated to act quickly.
And, as digital security strategies and new solutions emerge, organizations that tie security efforts to real business needs will gain justifiable confidence in their ability to deal with relentless and fast-moving threats.
The survey covered respondents in Australia, Brazil, Canada, France, Germany, Ireland, Italy, Japan, Netherlands, Norway, Singapore, Spain, UAE, United Kingdom and United States.
Industries represented: Banking, Capital Markets, Communications, Energy (Oil & Gas), Healthcare (provider & payer), High Technology, Life Sciences, Products, Industrial Equipment, Retail, Utilities and Insurance.
The survey set out to understand the extent to which companies prioritize security, how comprehensive their security plans are, how resilient they are with regard to security, and their level of security spend.
It assessed cybersecurity capability across 7 domains: business alignment, strategic threat context, the extended ecosystem, governance and leadership, cyber resilience, cyber response readiness, and investment efficiency.