“It is concerning in light of the fact that, by some estimates, unpatched vulnerabilities account for more than half of all data breaches,” continued Kawalec. “By getting the basic functions of cybersecurity right, IT decision makers can drastically improve their chances of defending against a cyber-attack, since unpatched software is often cited as the most common cause of data breaches.”
When it comes to the approach to cybersecurity, the research found that 66 percent of IT security decision makers felt that greater awareness of security risks within the IT function has had a significant impact on existing cybersecurity policies. Compliance with external standards such as GDPR follows closely behind at 56 percent, but basic functions like vulnerability and patching are prioritised by only 32 percent of respondents. Employee education was deemed a top priority by 58 percent of respondents, as were simplifying infrastructure (54 percent) and aligning security with development operations to create a DevSecOps model (47 percent).
“Some organisations are further along this evolutionary curve than others, but without business’ buy-in to a cybersecurity program, CISOs will undoubtedly struggle to keep their organisations safe from looming cyber threats,” said Andrzej Kawalec, Optiv’s director of strategy and technology, Europe. “We are seeing a significant shift in the industry, whereby cybersecurity is now a business issue. CISOs are being regarded as an important part of major business initiatives such as next-generation digital transformation, which has led to more funding for cyber programs. The board now understands that a major security or compliance miscue can derail a business.”
The research found that the importance of cybersecurity is now better understood by business executives and board members. In fact, 96 percent of respondents indicated they are taking a more strategic approach to cybersecurity as a result of being more closely aligned with business leaders.
With the rise of the data breach epidemic, and the imposition of comprehensive privacy regulations and significant legislation requirements, cybersecurity has become a tier-one business risk. As a result, the chief information security officer’s (CISO) role in a business has dramatically increased in value. In fact, 64 percent of businesses now prioritise cybersecurity above all else, even if it slows some users’ productivity down, according to a new research report from Optiv Security. The report, “The State of the CISO,” takes an in-depth look at the approach to cybersecurity taken by CISOs, CSOs and senior IT decision makers, the strategies they have in place and their experience of data breaches.