Cybersecurity Resilience Top Priority for 96% of Surveyed Executives
Organization executives are focusing on preventing incidents and mitigating losses rather than retaining security talent when listing their main objectives for cybersecurity resilience, a new survey found.
Organization executives are doubling down on investments toward cybersecurity resilience as an uptick in data security breaches jeopardizes business operations and overwhelms industries, including the healthcare sector, according to a recent Cisco report.
The “Security Outcomes Report, Volume 3: Achieving Security Resilience” revealed that 96 percent of executives consider security resilience crucial, with 62 percent of organizations surveyed reporting a data security event that impacted business in the past two years.
When asked to elaborate on the types of resilience-impacting incidents, over half the respondents reported data breaches and system outages. Further, ransomware events and distributed denial of service (DDoS) attacks impacted more than 46 percent of surveyed organizations.
The report also indicated that the state of security resilience among organizations is mixed, with less than 40 percent confident their organization would fare well during a cybersecurity event.
"Technology is transforming businesses at a scale and speed never seen before,” Helen Patton, CISO, Cisco Security Business Group, said in a press release. “While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.”
"Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organization and ensure that value is protected," Patton continued.
Experiencing a cybersecurity incident can shape an organization’s main objectives of resilience, the report stated.
The findings highlighted that the main objectives of security resilience for security leaders and their teams are to prevent incidents, mature capabilities, and adapt to change. However, after a cybersecurity incident, mitigating losses and preventing incidents became the two top priorities for cybersecurity resilience overall.
Additionally, recruiting and retaining cybersecurity talent was the lowest-ranking resilience priority despite being an ongoing challenge for the security industry.
"The Security Outcomes Reports are a study into what works and what doesn't in cybersecurity. The ultimate goal is to cut through the noise in the market by identifying practices that lead to more secure outcomes for defenders," said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco. "This year we focused on identifying the key factors that elevate the security resilience of a business to among the very best in the industry."
The report highlights seven data-backed success factors for cybersecurity resilience. Organizations with these factors were among the top 90th percentile of cyber-resilient businesses. On the other hand, those lacking these data-backed factors were in the bottom 10th percentile of performers.
Organizations that report poor security support from the C-suite scored 39 percent lower than those with strong C-suite backing.
“Our data suggests that security programs that are tightly aligned with the core mission of the business have stronger executive-level support and improved resilience to boot (+32 percent to overall score),” the study authors stated. “Thus, bridges to the C-suite are built upon a solid understanding of how the business works and how security initiatives can make it work even better.”
The findings showed that cultivating a culture of security throughout the organization should be a priority for leaders, as businesses that report an excellent security culture experienced a 46 percent increase in resilience compared with those with poor security culture.
Additionally, cybersecurity resilience scores can vary by 15 percentage points between organizations that maintained extra internal staffing and resources to respond to incidents and those that did not.
The report noted that cloud architecture and migration could greatly impact cyber resilience. Companies with mostly on-premise or mostly cloud-based technologies had the highest and most similar cybersecurity resilience scores.
Those in the early stages of transitioning to a hybrid model experienced decreases between 8.5 and 14 percent in resilience.
Ultimately, organizations that adopted mature cybersecurity solutions had better outcomes. Companies that implemented a mature Zero Trust model had a 30 percent rise in their resilience scores compared to those that had none.
Additionally, converging networking and security into a mature, cloud-delivered secure access service edge increased security resilience scores by 27 percent.