Business security demands that chief information security officers (CISOs) make difficult decisions in order to protect their organization’s sensitive and proprietary data as well as their brand reputation. Today’s CISOs are tasked with the challenge of allocating limited funds and resources to the highest-return cybersecurity projects which can range from breach detection to response. These C-level security leaders must maximize security with finite resources, all while balancing strategic leadership responsibilities and tactical issues.
Forbes Insights in association with Fortinet conducted research around the way today’s CISOs are managing escalating threats with limited resources, uncovering lessons and practices CISOs can implement to achieve an effective cyber-defense program. The key findings from this report provide an inside look at a day in the life of a modern-day CISO.
How CISOs Manage Rising Threats and Finite Resources
To gain insight into the decisions being made by security leaders in today’s ever-evolving organizations, Forbes Insights surveyed over 200 CISOs about the challenges they face in their daily roles. This research revealed a number of important insights that will help CISOs gain the confidence that is required to build and execute a comprehensive security strategy that effectively prioritizes resources against threats within their organizations. Here are some of the findings.
Threats and Capabilities
CISOs must navigate a rapidly changing cyber threat landscape day in and day out. A vast majority of security executives, 84% to be exact, feel that the risk of cyber attacks will escalate in the foreseeable future. Additionally, 21% of CISOs believe that cybercriminals possess abilities that are outpacing their own organization’s defense capabilities. These professionals are dealing with the risk of falling behind the race to keep up with threats and succumbing to loss of intellectual property or damage to brand image. This issue highlights the need to heighten organizational focus on defense and protection capabilities.
Constraints: Budgets and Skills
The average cost of breaches in the U.S. is $7.9 million. However, budget and skill constraints are forcing today’s security leaders to make critical decisions or compromises when it comes to implementing a cohesive cybersecurity strategy. The top constraints noted by CISO respondents include the lack of a centrally organized cybersecurity strategy, lack of support from senior management and the lack of an adequate budget. As threats escalate, CISOs must focus on maximizing budgetary resources and employee skill sets to stay ahead of the curve – a job easier said than done.
Protection: Strategy and Technology
Recently, there’s been a growing consensus of individuals that believe that the risk of a breach is inevitable. In that mindset, more and more CISOs are repositioning their security strategy to focus resources on managing priorities and enabling a quick reaction to breach by refining detection and response tactics. For this reason, most security leaders are focusing their efforts on automation. Specifically, 42% of CISOs are planning on shifting their technology strategy toward automation and the majority of the remainder are already tackling an automation strategy.
Internal Actions: Talent and Teamwork
Top priorities for many CISOs in the coming year will be to enable an enterprise-wide holistic security approach and hire more cybersecurity staff. The impact of the talent and skills shortage is profound within today’s organizations. This shortage can prohibit strategic goals and leave businesses at risk. In order to best respond to threats, security leaders must focus on talent, team training, and strategy implementation. And they are. In 2020, 14% of CISOs will dedicate priority funding to adding more security personnel to their teams. Additionally, over the course of the next five years, 16% of CISOs aim to develop a culture of security throughout their entire enterprise.
The Road to Confidence: Actions to Take
CISOs can combat the challenges they face with cybersecurity by implementing the following actions within their daily operations:
- Focus on Protecting Brand Reputation: Many malicious actors target intellectual property and the most important asset in the CISO’s care – the reputation of the company. Leaders should maintain focus and ensure they are protecting brand image.
- Make a Business Case for the CISO’s Budget: As threats escalate, resources must be maximized. CISOs will benefit from asking stakeholders to consider the costs in increased budget versus prospective loss.
- Move from Prevention to Detection/Response: CISOs should consider automating as many resources as possible. By deploying detection and response tactics and technologies, CISOs can enable security staff to take a more strategic and effective security stance.
- Promote Talent and Teamwork: Security leaders should focus on their people by providing employee education, training and building a security-aware culture.
Perhaps more than any other senior executive, CISOs face the unknown daily. However, cyber risk remains constant. Effective security leaders maximize their resources, convene their teams and ration their budget and expertise to fight their most prevalent battles. By being prepared yet flexible, CISOs will enable a scalable defense fit to counter the breaches ahead of them.
Read more about how CISOs can manage escalating threats and limited resources.