[September 19, 2017]
Reactive Security Strategy Poses Significant Challenge for CISOs
Today at Singapore International Cyber Week, F5 Networks (NASDAQ: FFIV)
released a comprehensive report on the evolving nature of the CISO role
and the IT security approaches organizations around the world are taking
in today's constantly shifting threat landscape. The report finds that
as IT security increasingly becomes a priority, CISOs' influence within
companies is growing; however, security strategy in many organizations
is still largely reactive and not yet aligned with business functions.
Conducted by the Ponemon Institute, the findings are based on interviews
with senior-level IT security professionals at 184 companies in seven
countries: the United States, the United Kingdom, Germany, Brazil,
Mexico, India, and China.
"This research provides a unique view into how CISOs are operating in
today's challenging environment," said Mike Convertino, Chief
Information Security Officer at F5. "It's clear CISOs are making
progress in how they drive the security function and the leadership role
they are assuming within companies. But in many organizations, IT
security is not yet playing the strategic, proactive role necessary to
fully protect assets and defend against increasingly sophisticated and
frequent attacks."
Key Findings
- Responsibility growing for CISOs - Although CISOs have varying
degrees of influence among upper management in their organizations,
most CISOs are influential in managing their companies' cybersecurity
risks, and their impact is growing. Sixty-eight percent of respondents
say CISOs have the final say in all IT security spending, while a
slightly smaller number (64%) say they have direct influence and
authority over all security expenditures in their organizations.
Eighty-seven percent of respondents say the IT security budget has
increased significantly (18%), increased some (29%), or has not
changed (40%).
- Alignment lacking with business - An IT security strategy that
spans the entire company is still very rare. Fifty-eight percent of
respondents indicate IT security is a standalone function and only 22%
say security is integrated with other business teams, while 45% say
their security function does not have clearly defined lines of
responsibility. Seventy-five percent of respondents say that due to
the lack of integration with business functions, turf and silo issues
have either a significant influence (36%) or some influence (39%) on
IT security tactics and strategies.
- Recognition of security as a business priority is reactive - Sixty
percent of respondents believe their organizations consider security
to be a business priority, yet only 51% say their organization has an
IT security strategy, and of those only 43% say that strategy is
reviewed, approved, and supported by other C-level executives. The
findings indicate that change in security programs is largely
reactive, with material data breaches (45%) and cybersecurity exploits
(43%) the top two events that get attention from other senior
executives.
- Crises driving influence with executive leadership - Sixty-five
percent of respondents say CISOs communicate directly with senior
executives, but it is rarely a strategic discussion of all threats to
the organization. Respondents also acknowledged limited executive
communication around security events, with 46% stating that only
material data breaches and cyber attacks are reported to the CEO and
board of directors, while just 19% report all data breaches to this
group.
- AI is a potential solution to staffing needs - A talent
shortage in IT security continues to loom large for CISOs. The average
headcount of IT security personnel will increase from 19 to 32
full-time (or equivalent) employees over the next two years, with
nearly half (42%) feeling their current staffing is not adequate.
Fifty-eight percent say they have difficulty hiring qualified security
personnel, with the biggest challenges identifying and recruiting
qualified candidates (56%) and an inability to offer a market-level
salary (48%). These challenges are pushing companies to look elsewhere
for solutions - half of respondents (50%) believe computer learning
and artificial intelligence can address staffing shortages, and 70%
believe these technologies will be important to their IT security
functions in two years.
About F5
F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for the world's
largest businesses, service providers, governments, and consumer brands.
F5 delivers cloud and security solutions that enable organizations to
embrace the application infrastructure they choose without sacrificing
speed and control. For more information, go to f5.com.
You can also follow @f5networks on
Twitter or visit us on LinkedIn and Facebook for
more information about F5, its partners, and technologies.
F5 is a trademark of F5 Networks, Inc., in the U.S. and other countries.
All other product and company names herein may be trademarks of their
respective owners.
This press release may contain forward looking statements relating to
future events or future financial performance that involve risks and
uncertainties. Such statements can be identified by terminology such as
"may," "will," "should," "expects," "plans," "anticipates," "believes,"
"estimates," "predicts," "potential," or "continue," or the negative of
such terms or comparable terms. These statements are only predictions
and actual results could differ materially from those anticipated in
these statements based upon a number of factors including those
identified in the company's filings with the SEC.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170919006547/en/