“CISOs are finally getting a seat in the Boardroom,” said Brendan Hannigan, General Manager, IBM Security. “Security leaders must now use this growing influence to deliver better results: prioritizing the protection of critical assets, focusing investments on intelligence and recruiting top industry talent to augment internal efforts.”
Today’s Organizations Rethinking Cybersecurity Tactics
The study aimed to uncover and understand how organizations are currently protecting themselves against cyber attacks, finding 70 percent of security leaders believe they have mature, traditional technologies that focus on network intrusion prevention, advanced malware detection and network vulnerability scanning.
However, nearly half (50 percent) agree that deploying new security technology is the top focus area for their organization, and they identified data leakage prevention, cloud security and mobile/device security as the top three areas in need of dramatic transformation.
Additional findings from the IBM CISO study include:
- Cloud Security Continues to Lead the Agenda: While concern over cloud security remains strong, close to 90 percent of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, 75 percent expect their cloud security budget to increase or increase dramatically over the next three to five years.
- Data Driven Security Intelligence Capabilities are Top of Mind: Over 70 percent of security leaders said real-time security intelligence is increasingly important to their organization. Despite this strong agreement, the study found areas such as data classification and discovery and security intelligence analytics have relatively low maturity (54 percent) and require a higher need for improvement or transformation.
- Significant Mobile Security Needs Still Remain: Despite the growing mobile workforce, only 45 percent of security leaders stated they have an effective mobile device management approach. In fact, according to the study, mobile and device security ranked at the bottom of the maturity list (51 percent).
Managing Uncertainty around Government Landscape
In addition to external threats, the study indicated CISOs face additional challenges from governments as nearly 80 percent of respondents said the potential risk from regulations and standards have increased over the past three years. Security leaders are most uncertain about whether governments will handle security governance on a national or global level as well as how transparent they will be in doing so. Only 22 percent think that a global approach to combating cybercrime will be agreed upon in the next three to five years.
Empowering Today’s Security Leaders
With cyber attacks and government regulations continuing to evolve, a majority of organizations have redefined their view of security over the past three years, vaulting security leaders into more influential roles. According to the study, 90 percent of security leaders strongly agree that they have significant influence in their organization, with 76 percent stating that their degree of influence has significantly increased in the last three years. In addition, 71 percent strongly agree that they are receiving the organizational support that they need in order to do their jobs effectively.
About the Assessment
To obtain an understanding of security leaders’ current conditions and views of the future landscape, the IBM Center for Applied Insights, in collaboration with IBM Security, conducted in-depth interviews with 138 security leaders – the senior-most IT and line-of-business executives responsible for information security in their organizations. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, some did not. Others interviewed included CIOs, VPs of IT Security and Security Directors. Sixty-three percent of organizations interviewed had a named CISO. Participation spanned a broad range of industries and five different countries. To download the report please visit www.ibm.com/security/ciso.
For more information, please visit www.ibm.com/ibmcai, follow @IBMCAI on Twitter or visit the IBM Center for Applied Insights blog.
About IBM Security
IBM’s security platform provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more. IBM operates one of the world’s broadest security research and development, and delivery organizations.
For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
Related resources
Images40% of CISOs say sophisticated threats top challenges report IBM
Sophisticated external threats were identified by 40 percent of security leaders as their top challenge with regulations a distant second at just under 15 percent. (Credit: IBM)
59% of CISOs said hackers have outsmarted defenses reports IBM
59% of security leaders surveyed said attackers have outstripped their organization's cyber security defenses. (Credit: IBM)
83% of CISOs say cyber threat challenges rising reports IBM
83% of security leaders said that the challenge posed by external threats has increased in the last three years (42% said dramatically). (Credit: IBM)
72% of CISOs say data analytics are top priority reports IBM
72% of security leaders said that real-time security intelligence is increasingly important to their organization. (Credit: IBM)
| Topics | XML feeds |
|---|---|
| Global Technology Services Technology services that can deliver measurable business results. |
|
| IBM Analytics News about IBM solutions that turn information into actionable insights. |
|
| IBM Cloud Computing Gain access to your applications from anywhere, at any time. |
|
| IBM Security IBM solutions that help with security, risk management, and compliance |
|
| Research Chemistry, computer science, electrical engineering, materials and mathematical sciences, physics and services science |
|
| Services and solutions |