CISOs can"t prioritize threats; breaches go unaddressed, survey says

Considering the complex mix of advanced threats, sponsored attacks and other risks facing companies, CISOs face a tough battle in keeping their enterprises safe from breaches.

CISOs are overwhelmed by the increased in data breaches and few can keep up with the flurries of attacks on their organizations, according to a recent survey of 300 CISOS by ServiceNow.

Over 80 percent of CISOs from enterprises across the globe said that, even when detected, data breaches are not dealt with, while 70 percent can”t come up with a strategy to prioritize threats. The survey shows companies are vulnerable also because their approach to an increase in attacks is outdated, while budgets for R&D and security come last in their business strategy.

“This failure to prioritize can paralyze organizations that try to address all threats equally, given that they can be hit by thousands of cyberattacks daily,” the report says.

As a result, when breaches hit them, enterprises don”t know how to react and take too long to fix the damage. Only 19 percent of senior executives were confident that their companies implement robust security strategies to prevent attacks.

“CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus,” said Sean Convery, general manager, Security Business Unit, ServiceNow. “Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs.”