Study: Breaking Silos Could Reduce Breach Costs

Written by

The cybersecurity industry experienced some ups and downs last year, according to the 3,200 senior security professionals from 18 countries who participated in Cisco’s fifth annual CISO Benchmark Study.

The study revealed that security professionals experienced both encouraging gains, with only 30% of respondents saying they suffered from cyber fatigue this year, down from 46% last year. In addition, 39% of participants said that improvements to their security and awareness training programs helped to better protect the company from security breaches. Another 39% said that implementing risk mitigation techniques resulted in security improvements and breach cost reduction.

The majority (95%) of participants felt that they were very or extremely collaborative between networking and security teams, an indication that not working in silos has an obvious financial upside, as "59% of those who were very/extremely collaborative between networking and security experienced a financial impact of their most impactful breach of under $100K – the lowest category of breach cost."

While there are all good steps in the right direction, organizations also had some disappointing regressions. According to the report, "Insider threat from rogue employees or careless contractors [...] was deemed by 24% of our survey respondents to pose the most serious risk to their organizations," and only 35% of respondents said they could easily determine the scope of a compromise, contain and remediate it.

Respondents appeared to be honestly self-reflective, with 65% of CISOs in the survey admitting that they have room to improve, even though nearly half (46%) said they "have tools in place that enable us to review and provide feedback regarding the capabilities of our security practice."

The number of respondents who said they they rely on new technologies fell between 2018 and 2019. Last year, 77% of respondents saying they were reliant on machine learning (ML) to reduce the level of effort required to secure the organization anything, which dropped to only 67% in the 2019 survey. Artificial intelligence (AI) and automation saw similar drops.

“The negative trends in these first three questions probably stem from uncertainty and lack of confidence. Or that ML is not ready for prime time. Either way, we’d like to know more. It could be that adoption is so widespread and integrated into your business processes that you don’t feel it worth calling out,” the report said.

What’s hot on Infosecurity Magazine?