Optiv Security has published a new “State of the CISO” survey that explores how chief information security officers (CISOs) perceive the state of their profession. For the survey, 200 CISOs or senior security personnel with equivalent responsibilities were interviewed in the U.S. and the U.K. (100 in each country).
Survey respondents indicated a fundamental change in how senior executives and board members perceive cybersecurity. Perhaps most surprising was the fact that 58% said experiencing a data breach makes them more attractive to potential employers. This stands in stark contrast to years past when a data breach was often a fireable offense for CISOs. Other notable results related to this topic include:
- 96% either slightly or strongly agreed that senior executives have a better understanding of cybersecurity than they did five years ago.
- 67% said their businesses prioritize cybersecurity above all other business considerations.
- 76% indicated that cybersecurity risk has become important enough to businesses that CISOs will begin to be named as CEOs.
The survey also found that a significant number of CISOs are not following best practices with cybersecurity. Of particular note:
- More than half (54%) of U.S. CISOs and 44% of U.K. CISOs indicated that they practice their incident response plans at a frequency of once a year or less. Industry best practices call for frequent incident response tests and practice, so teams are ready for the real thing when it happens.
- When asked, “If you could stop the business for six months and have the luxury of time to execute any security priorities, which areas would you choose to focus on?”, the answer, “Catch up on basic functions like patching and vulnerability scanning,” finished dead last – even though unpatched vulnerabilities are often cited as the most common source of data breaches (57% of all breaches, according to a study by the Ponemon Institute).
Finally, CISOs were in broad agreement (88%) that it would be worthwhile to have a global treaty in place on cybersecurity, like the Geneva Convention, where countries agree to a set of principles governing their conduct on the internet.
To see all of the survey results, a free download is available on the Optiv website. If you are a member of the media interested in further analysis of Optiv’s “State of the CISO” survey, please contact Jason Cook at Jason.Cook@optiv.com or (816) 701-3374.
About Optiv Security
Optiv is a security solutions integrator – a global, “one-stop” trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, cyber digital transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are modernizing cybersecurity to enable clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment. For more information about Optiv, please visit us at www.optiv.com.