Skip to main Content
Article

Cisco’s 2019 CISO Benchmark Study: prevention and preparation in the spotlight

Melanie Jones
Cisco’s 2019 CISO Benchmark Study is a comprehensive survey of more than 3,000 information security leaders across 18 countries.

This year’s study placed a particular focus on prevention and preparation, requesting responses on vendor/solution selection and alert management as well as breach readiness and response.

The results show security professionals are increasing their investment in defence technologies, security training, risk analysis and risk mitigation.

However, employees/users continue to be listed among the greatest protection challenges, email security remaining the number one threat vector, thus leading to a higher priority being placed on security awareness exercises to strengthen an organisation’s security posture and reduce the risk of breaches.

The use of risk assessment and risk metrics that span across the business is playing an increasing role in technology selection and has helped CISOs focus on their operational practices.

The study showed the correlation between the alignment of teams, especially the networking and security teams, and the reduced impact and cost of breaches, thus promoting a more collaborative approach to reduce organisational silos and target common goals.

Complex security environments could hinder security professionals’ visibility across their environments. Consolidating the security vendors and limiting the number of dashboards to better prioritise alerts can help teams focus on remediation and 63% of respondents cited 10 or fewer vendors in their environment, up from 54% in 2017.

Artificial intelligence and machine learning are still seen as helpful in alert prioritisation and management, though the confidence in these tools has seen a drop of 10% or more compared to last year’s results.

A staggering 93% of the interviewed CISOs reported increased efficiency and effectiveness for their teams following a migration to the cloud. No matter the industry or size of your organisation, it is of vital importance to establish an organisational process that starts with security awareness training on day one and to put together a plan that details the role of each team. No plan is perfect, but each plan can and should be tested and improved with regular drills to ensure the best response in the event of an actual breach.
Browse Related Brands:

Melanie Jones

Product Director for Cisco, Citrix and Cybersecurity

Melanie Jones, Product Director for Cisco, Citrix and Cybersecurity has been with Global Knowledge for over 15 years. She is responsible for managing the strategic vision, product portfolio planning, innovation and go to market strategy. Melanie manages technology portfolios in Collaboration, Data Center, Cloud, Security, IOT and Big Data Analytics, as well as being a product lead for cybersecurity portfolios for EC-Council, CompTIA, CQURE, ISACA, ISC2 and SECO. Melanie is a member of key Cisco, Collaboration, Cybersecurity and Big Data groups worldwide. She also has her own jewellery and fashion business which she focuses on in her spare time.