Chief Information Security Officers (CISOs) were surveyed on their security programs and risk management strategies. According to the survey, 89% of CISOs measure the maturity and performance of their full security program at least once each quarter, and more than half of CISOs measure monthly.
Thirty-three percent of CISOs are not working towards a same-day mean time to detect (MTTD), and do not have a service level agreement (SLA) to start working on mitigating risk within 8 hours of a breach.