The Disconnect Between Breaches and Solutions
Security executives are confident in their ability to protect their enterprise, even though the average company suffers two or three cyber-attacks a month.
75% of the security practitioners surveyed are confident that they can protect their organization from cyber-attacks, despite the fact that one-third of attacks resulted in security breaches during the past year.
44% to 54% of respondents would spend more money on the same efforts they’re making now to combat breaches, even though those efforts are failing to prevent breaches.
Survey respondents said internal breaches have the greatest impact, yet 58% prioritize increased capabilities and perimeter-based controls over high-impact internal threats.
Only 37% said they are confident in their ability to monitor breaches, and just 36% said the same about minimizing disruptions.
Protecting the company’s reputation: 54%,
Safeguarding company data: 47%,
Protecting customer information: 44%
Only 28% of respondents would invest extra funds to mitigate against financial losses, and only 17% would invest in cyber-security training.
The survey respondents said that 98% of the breaches that were not detected by the security team were discovered by employees. So make security everyone’s job.
In a separate survey, Accenture found that 42% of respondents said they have a sufficient budget for security technology, but they need more money for training and for re failing to prevent breaches.
Even though cyber-security is on company agendas, many CISOs feel locked out of the C-suite. They should navigate beyond their comfort zones and engage daily with leaders to discuss business issues at the core of cyber-security.
Organizations that tie cyber-security efforts to real business needs will gain confidence in their ability to deal with cyber-threats.