Security - the need for a new approach

Leaders increase their security response effectiveness through automating security tasks and prioritising threats based on business criticality.

  • 7 years ago Posted in
A new survey of 300 Chief Information Security Officers (CISOs) from around the world by ServiceNow spotlights the need for a new approach to respond to the rising number and cost of data security threats. In “The Global CISO Study: How Leading Organisations Respond to Security Threats and Keep Data Safe,” 88 per cent of UK CISOs surveyed report that detected data breaches are going unaddressed, compared to 80 per cent globally, and 64 per cent say it is difficult to prioritise threats based on business criticality.
This comes at a cost: Six per cent of UK CISOs (13 per cent globally) reported experiencing a significant security breach causing reputational or financial damage in the past three years. Manual processes, resources and talent deficiencies, and the inability to prioritise threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.
“UK CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus,” said Chris Pope, Office of the Chief Strategy Officer, ServiceNow. “Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs.”
Additional findings of the study from the UK include:   
  • Only 18 per cent rate their company as highly effective at preventing security breaches (19 per cent globally).
  • Customers may suffer the most from these gaps: Only 44 per cent of CISOs believe they are highly effective at protecting against customer data breaches (38 per cent globally).
  • Around two in five (38 per cent) of UK CISOs say manual processes and 32 per cent say a lack of resources are barriers to their organisation’s ability to detect and respond to security breaches.
     
  • Around one in 10 (12 per cent) of UK CISOs say their employees have developed the skills necessary to successfully prioritise security threats (7 per cent globally).
A small group of the overall survey sample (11 per cent globally and 12 per cent in the UK), titled “Security Response Leaders,” differ from the rest in that they:
    • Automate a higher percentage of security activities, including more advanced tasks such as trend reporting.
    • Prioritise responses to security alerts based on business criticality. 
    • Build stronger relationships with IT and other departmental functions.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...