Information security people are placing higher priority on vendor consolidation, collaboration between networking and security teams, and security awareness exercises to aid security posture and reduce the risk of breaches. That’s according to Cisco’s fifth annual 2019 CISO Benchmark Study, a survey of more than 3000 across 18 countries. Many CISOs are increasingly confident that migrating to the cloud will improve protection, while they are apparently decreasing their reliance on less proven technologies such as artificial intelligence (AI).
Complex security environments made up of solutions from ten or more cyber security vendors could be hampering info-security teams’ visibility across their sites, the survey suggests. A majority, 65 percent of respondents do not find it easy to determine the scope of a compromise, contain it and remediate from exploits. The unknown threats that exist outside the enterprise in the form of users, data, devices, and apps is also a top concern for CISOs. Hence, of those surveyed, near half, 49 percent have increased investment in cyber security defence technologies; 39 percent have security awareness training among employees; and 39 percent focused on implementing risk mitigation techniques.
Survey respondents also noted the continued high financial impact of breaches. Some 45 percent of respondents reported the financial impact of a breach to their organisation was more than $500,000. The good news is that more than half of respondents are driving breach costs below half a million. But there remains a stubborn eight percent claiming an eye-watering cost of more than $5m per incident for their most significant breach of the past year.
Steve Martino, Senior Vice President and Chief Information Security Officer at Cisco, said: “This year, more than ever before CISOs are reporting that they are taking a much more proactive role in reducing their exposure through consolidation and training, as well as investments in critical technologies, for cyber defence and breach containment, but the war is far from over. Security leaders are still struggling to get greater visibility across their organisation and into threats. You can’t protect what you can’t see. Cisco is committed to helping organisations address these challenges and implement new techniques and technology to stay one step ahead of malicious actors and threats.”
“Cyber fatigue” – defined as virtually giving up on staying ahead of malicious threats and bad actors – is down, from 46 percent in 2018 to 30 percent in 2019. Phishing and risky user behaviour (such as staff clicking malicious links in email or websites) remains high and is the top concern for CISOs.
