Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity Education & TrainingCybersecurity News

Unknown in Users, Data, Devices, and Apps are Major Concerns for CISOs

Doorway to Cybersecurity
February 28, 2019

Cisco's 2019 CISO Benchmark Study results show security professionals are placing higher priority on vendor consolidation, collaboration between networking and security teams, and security awareness exercises to strengthen an organizations security posture and reduce the risk of breaches.

To further address complexity challenges, many CISOs are increasingly confident that migrating to the cloud will improve protection efforts, while apparently decreasing reliance on less proven technologies such as artificial intelligence (AI). 

Complex security environments made up of solutions from 10 or more security vendors could be hampering security professional’s visibility across their environments. Sixty-five percent of respondents do not find it easy to determine the scope of a compromise, contain it and remediate from exploits. The unknown threats that exist outside the enterprise in the form of users, data, devices, and apps is also a top concern for CISOs. To help address these challenges, and better protect their organizations, of those surveyed:  

  • Forty-four percent have increased investment in security defense technologies. 

  • Thirty-nine percent have security awareness training among employees.

  • Thirty-nine percent focused on implementing risk mitigation techniques. 

Survey respondents also noted the continued high financial impact of breaches. Forty-five percent of respondents reported the financial impact of a breach to their organization was more than $500,000. The good news is that more than 50 percent of respondents are driving breach costs below half a million. But there remains a stubborn eight percent claiming an eye-watering cost of more than $5 million per incident for their most significant breach of the past year. 

“This year, more than ever CISOs are taking a much more proactive role in reducing their exposure through consolidation and training, as well as investments in critical technologies, for cyber defense and breach containment, but there is still more to do,” said Steve Martino, Senior Vice President and Chief Information Security Officer, Cisco. “You can’t protect what you can’t see, and security leaders are still struggling to gain greater visibility across their organization and into threats. Cisco is committed to helping organizations address these challenges and implement new techniques and technology to stay one step ahead of malicious actors and threats.” 

The report cited the following findings highlight some of these positive developments security professionals have made to improve their security posture:

  • The trend away from point products to vendor consolidation continues— in 2017 54 percent of respondents cited 10 or fewer vendors in their environment. This number has risen to 63 percent.

    • In many environments, multiple vendor solutions aren’t integrated, and therefore don’t share alert triage and prioritization. The survey showed that even those CISOs with fewer point solutions could better manage their alerts through an enterprise architecture approach. 

  • The most collaborative teams lose the least money. Elimination of silos shows a tangible financial upside:

    • ​Ninety-five percent of security professionals reported that their networking and security teams were very or extremely collaborative. 

    • Fifty-nine percent of those who stated that their networking and security teams were very/extremely collaborative also stated that the financial impact from their most serious breach was under $100,000 – the lowest category of breach cost in the survey.

  • There is more confidence in cloud-delivered security and in securing the cloud.

    • Ninety-three percent of CISOs reported that migrating to the cloud increased efficiency and effectiveness for their teams. 

    • The perception of difficulty of protecting cloud infrastructure has decreased—52 percent in 2019 compared to 55 percent in 2017.

  • Use of risk assessment and risk metrics that span across the business, in part driven by cyber insurance procurement, is playing an increasing role in technology selection and has helped CISOs focus on their operational practices—40 percent of respondents are using cyber insurance, at least partly, to set their budgets.
  • “Cyber fatigue” – defined as virtually giving up on staying ahead of malicious threats and bad actors - is down from 46 percent in 2018 to 30 percent in 2019.

But the fight is far from over--the following findings show CISO challenges and opportunities for improvement: 

  • AI and machine learning (ML), used right, are essential to the initial stages of alert prioritization and management.mHowever, reliance on these technologies has decreased as respondents possibly perceive the tools to be still in their infancy or not ready for prime time:  

    • Reliance on ML is down to 67 percent in 2019 compared to 77 percent in 2018.

    • AI is down to 66 percent compared to 74 percent in 2018.

    • Automation is down to 75 percent compared to 83 percent in 2018.

  • Employees/users continue to be one of the greatest protection challenges for many CISOs—having an organizational process that starts with security awareness training on day one is essential.

    • Only 51 percent rate themselves as doing an excellent job of managing employee security via comprehensive onboarding and processes for transfers and departures. 

  • Email security remains the number one threat vector.

    • Phishing and risky user behavior (e.g. clicking malicious links in email or websites) remains high and is the top concern for CISOs. The perception of this risk has held steady for the past three years between 56 to 57 percent of respondents. Coupled with low levels of security-related employee awareness programs, this represents a possible major gap that the security industry can help address. 

  •  Alert management and remediation remains challenging. A reported drop in remediation of legitimate alerts, 50.5 percent in 2018 to 42.7 percent this year, is concerning given that many  respondents are moving toward remediation as a key indicator of security effectiveness.

    •  Security measurements are changing. The number of respondents who use mean time to detection as a metric for security effectiveness decreased from 61 percent in 2018 to 51 percent in 2019 on average. Time to patch has also dropped in focus from 57 percent in 2018 to 40 percent in 2019. Time to remediate has risen as a success metric: 48 percent of respondents cited this compared to 30 percent in 2018.

Recommendations for CISOs:

  • Base security budgeting on measured security outcomes with practical strategies coupled with cyber insurance and risk assessments to guide your procurement, strategy, and management decisions.

  • There are proven processes that organizations can employ to reduce their exposure and extent of breaches. Prepare with drills; employ rigorous investigative methods; and know the most expedient methods of recovery.

  • The only way to understand the underlying security needs of a business case is to collaborate across siloes – between IT, Networking, Security and Risk/Compliance groups.

  • Orchestrate response to incidents across disparate tools to move from detection to response faster and with less manual coordination.

  • Combine threat detection with access protection to address insider threat and align with a program like Zero Trust.

  • Address the number one threat vector with phishing training, multi-factor authentication, advanced spam filtering and DMARC to defend against Business Email Compromise.

KEYWORDS: CISO cloud migration cybersecurity data breach

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Figure 3- boonedam

    Major concerns and risks hindering CISOs ability to strengthen security posture

    See More
  • Malware

    Hackers are Targeting Piracy Apps to Install Malware and Steal Data

    See More
  • finance 2 responsive default

    Data, Privacy, Analytics are Top Concerns for Financial Enterprises

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing