How Cybersecurity Teams Measure Success and Secure Budgets

October 10, 2019

More than fifty percent of survey respondents struggle to align security initiatives to business goals and 44 percent aren't clear on what the business goals are, says a Thycotic Cyber Security Team's Guide to Success report.

The top three obstacles to achieving business goals were lack of skilled resources (35 percent), security breaches being out of control (34 percent) and lack of security budget (34 percent).

Additional findings include:

89 percent agree that department has measurable security performance goals/KPIs to meet in the next 12 months of which half (49 percent) measure number of security breaches.
45 percent agree they have no way of measuring how previous security initiatives have made a difference to the business overall, and 30 percent agree it’s not a priority for them to measure success of security initiatives once they’ve been rolled out.
48 percent of budget is allocated by “Evidence to demonstrate success of previous initiatives.”
52 percent of respondents say not meeting performance targets means the reputation of the department suffers, team members end up working longer hours (38 percent) and security budgets likely get cut (33 percent).
42 percent say the most stressful aspect of their job is meeting the growing number of compliance and regulatory demands.
45 percent say the biggest challenges for retaining cybersecurity team members is burnout/stress from long work hours and pressure, followed by lack of support from senior leaders (40 percent).

In the current climate, the following best describe what "success" looks like for IT cybersecurity executives:

Being valued by the enterprise - 41 percent
Meeting performance targets set by the board - 40 percent
Preventing enterprises from being the next 'cybersecurity incident' headline - 37 percent
Meeting compliance demands - 37 percent
Just keeping everything running smoothly - 36 percent
Achieving consistent pay increase and/or bonuses - 31 percent
Knowing that 'nothing bad happens'/that there are no major security incidents or downtime - 27 percent
Not losing their job/holding onto their job - 16 percent

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

How Cybersecurity Teams Measure Success and Secure Budgets

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

How Cybersecurity Teams Measure Success and Secure Budgets

Related Articles

Related Products

Related Events

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.