New research released by ServiceNow paints a disturbing picture of the ability of businesses to detect, prioritize and eliminate security threats effectively. “The Global CISO Study: How Leading Organizations Respond to Security Threats and Keep Data Safe” highlights the need for organizations to take a new approach to data security threats.
The survey showed that over 80 percent of CISOs stated that detected data breaches still went unaddressed. Respondents also highlighted the difficulty of prioritizing these threats based on business criticality.
The cost of this, in business terms, is potentially very high. Around 10 percent of CISOs surveyed admitted to experiencing a security breach that caused reputational or financial damage to the business in the past three years.
One of the key steps that CISOs are taking to combat this issue is to increasingly automate security tasks in order to improve response and remediation efforts.
“CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus,” said Sean Convery, general manager, Security Business Unit, ServiceNow. “Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs.”
Additional findings of the study include:
- Only 19 percent of survey respondents rated their company as highly effective at preventing security breaches
- Customers may suffer the most from these gaps: Only 38 percent of CISOs believe they are highly effective at protecting against breaches of customer credit card or financial information
- More than 25 percent of CISOs say manual processes and a lack of resources are barriers to their organization’s ability to detect and respond to security breaches
- Just 7 percent of CISOs say their employees have developed the skills necessary to successfully prioritize security threats
A small group of the overall survey sample (11 percent) were seen as ‘security response leaders’. They differed from the majority of respondents in that they:
- Automate a higher percentage of security activities, including more advanced tasks such as trend reporting
- Prioritize responses to security alerts based on business criticality
- Build stronger relationships with IT and other departmental functions
Additional insights can be found in this infographic: ServiceNow_CISO_Info_V15.
Security features heavily on the program for Knowledge17. The annual ServiceNow conference takes place in Orlando, Florida on May 7-11.