This comes at a cost: Six per cent of UK CISOs (13 per cent globally) reported experiencing a significant security breach causing reputational or financial damage in the past three years. Manual processes, resource and talent deficiencies, and the inability to prioritise threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.
“UK CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus,” said Chris Pope, Office of the Chief Strategy Officer, ServiceNow. “Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs.”
Additional findings of the study from the UK include:
- Only 18 per cent rate their company as highly effective at preventing security breaches (19 per cent globally).
- Customers may suffer the most from these gaps: Only 44 per cent of CISOs believe they are highly effective at protecting against customer data breaches (38 per cent globally).
- Around two in five (38 per cent) of UK CISOs say manual processes, and 32 per cent say a lack of resources, are barriers to their organisation’s ability to detect and respond to security breaches.
- Around one in 10 (12 per cent) of UK CISOs say their employees have developed the skills necessary to successfully prioritise security threats (7 per cent globally).
A small group of the overall survey sample (11 per cent globally and 12 per cent in the UK), titled “Security Response Leaders,” differ from the rest in that they:
- Automate a higher percentage of security activities, including more advanced tasks such as trend reporting.
- Prioritise responses to security alerts based on business criticality.
- Build stronger relationships with IT and other departmental functions.