On 24 February, Cisco published its sixth annual CISO Benchmark Report surveying the security posture of 2,800 security professionals from 13 countries around the globe. The report provides 20 cybersecurity considerations for 2020 – gleaned from data analysis of survey results and a panel of Advisory CISOs. It shows increased investment in cloud security and automation technologies to combat complexity.
The CISO Benchmark Report contains contextually useful information for any security leader today. From how to influence the board and what reporting metrics are useful for them, to what causes downtime, and how to deal with complexity.
To compile this report, Cisco surveyed 2,800 security leaders globally to inform us about what they experienced in the previous year in their roles. Then they interviewed current and former CISOs to augment the data with expertise and opinion on leading practices.
Highlights of the report
- Security leaders who had established clear security outcome objectives or metrics were less likely to experience cyber fatigue. It seems that clear metrics help you sleep better at night.
- Brand reputation has climbed over the years as an area of the business affected by a security breach – brand reputation is now the second-most impacted business area after operations.
- Voluntary breach disclosure is at an all-time high.
- Those who were very/extremely collaborative between security and networking, or endpoint management and security groups, showed significantly lower breach costs.
- Forty six percent of organizations (up from 30 percent in last year’s report) had an incident caused by an unpatched vulnerability.
- Malware and malicious spam come in as the first- and second-most commonly cited causes of breach. Ransomware is responsible for causing the most destructive amount of downtime (more than 17 hours) and also doesn’t discriminate – this is the case for both small-to-medium businesses and large enterprises.
Download the full report here.