Has cyber security accountability become a blame game?
69% of senior security and IT executives say digital transformation is forcing fundamental changes to existing cyber security strategies. That’s according to a new study conducted by BMC in association with Forbes Insights.
The research also found that financial and customer information, brand reputation, intellectual property, and employee information featured as critical assets to protect against security breaches. New business priorities and technologies create further challenges for IT and security teams, with 65% of respondents indicating that public clouds have the biggest security implications.
The results of the survey of more than 300 C-level executives in North America and Europe also found that security transformation impacts both the technology choices enterprises make to ward off cyber thieves and the way companies organize internal stakeholders, assess risk, and prioritize future investments.
The central theme in this year’s report is the mandate for accountability and information sharing, which must be addressed across different organizations with a focus on prevention, detection, and incident response; otherwise enterprises run the risk of falling prey to continued attacks. In fact, 52% of respondents indicate that accountability for security breaches has increased for their operations teams.
“Make no mistake, cybersecurity is a critical initiative across the board. Every company, government, and society is seeking new innovative paths to drive our digital future, but all are battling increased threats from phishing, ransomware, and known vulnerabilities,” said Bill Berutti, president of security and compliance at BMC. “Businesses need to tear down security and operations walls – or keep getting hacked. BMC is continuing to deliver highly sophisticated SecOps solutions that are illustrating our commitment and leadership in addressing these top customer priorities.”
“The biggest fear of the CIOs and CISOs I speak to is seeing their companies on the front page of The Wall Street Journal because they’ve had a massive breach,” says Sean Pike, program vice president for security products at IDC.
Prepare for Impact
In 2016, enterprises placed greater emphasis on vulnerability discovery and breach remediation as a way to make themselves less attractive to hackers. Enterprises are prioritizing the neutralization of known risks, with 64% of respondents indicating they plan to prioritize protecting against and responding to known security threats in the next 12 months.
Effective execution against known risks will enable teams to then focus on the unknown risks, or unplanned activities. Sixty-eight percent plan to enhance incident response capabilities in the next 12 months. The guiding principle is that enterprises should avoid as many incidents as possible by eradicating the known risks with systematic and effective execution, allowing them to focus their best resources on driving out any intruders that nevertheless find a way in.
As digital transformation pushes IT and security leaders to reevaluate their cybersecurity strategies, it is also impacting overall enterprise spending priorities. Seventy-four percent of CIOs and CSOs say security was a higher priority in 2016 than in the previous year. A decisive 82% of executives plan to invest more in security in the coming year, recognizing that company boards are more willing to increase security investments if proposals come with solid business cases.
In summary, the study recommends that enterprises act now or leave corporate assets vulnerable to hackers, and it includes the following actions to close the SecOps gap in the digital age:
- Create a modern cybersecurity strategy backed by a solid business model, including spending proposals that target security spending in areas of greatest impact.
- Increase efforts to secure mission-critical assets. Devote additional personnel and technology to ensure the enterprise is secure.
- Develop an enterprise-wide culture of security that includes key stakeholders like line-of-business owners, who can help reduce “weak link” security gaps.