Virtualization Technology News and Information
ServiceNow Survey Finds Over 80% of CISOs Say Data Breaches That They Know About Haven't Been Addressed

A new survey of 300 Chief Information Security Officers (CISOs) from around the world by ServiceNow spotlights the need for a new approach to respond to the rising number and cost of data security threats. In "The Global CISO Study: How Leading Organizations Respond to Security Threats and Keep Data Safe," more than 80 percent of CISOs surveyed report that detected data breaches are going unaddressed, and 70 percent say it is difficult to prioritize threats based on business criticality.

This comes at a cost: More than one in 10 CISOs reported experiencing a significant security breach causing reputational or financial damage in the past three years. Manual processes, resources and talent deficiencies, and the inability to prioritize threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.

"CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus," said Sean Convery, general manager, Security Business Unit, ServiceNow. "Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs."

Additional findings of the study include:

  • Only 19 percent rate their company as highly effective at preventing security breaches.
  • Customers may suffer the most from these gaps: Only 38 percent of CISOs believe they are highly effective at protecting against breaches of customer credit card or financial information.
  • More than 25 percent of CISOs say manual processes and a lack of resources are barriers to their organization's ability to detect and respond to security breaches.
  • Just 7 percent of CISOs say their employees have developed the skills necessary to successfully prioritize security threats.

A small group of the overall survey sample (11 percent), titled "Security Response Leaders," differ from the rest in that they:

  • Automate a higher percentage of security activities, including more advanced tasks such as trend reporting.
  • Prioritize responses to security alerts based on business criticality.
  • Build stronger relationships with IT and other departmental functions.

Global Research Report here:

Published Monday, April 24, 2017 9:11 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2017>