SANTA CLARA, Calif.--(BUSINESS WIRE)--A new survey of 300 Chief Information Security Officers (CISOs) from around the world by ServiceNow (NYSE:NOW) spotlights the need for a new approach to respond to the rising number and cost of data security threats. In “The Global CISO Study: How Leading Organizations Respond to Security Threats and Keep Data Safe,” more than 80 percent of CISOs surveyed report that detected data breaches are going unaddressed, and 70 percent say it is difficult to prioritize threats based on business criticality.
This comes at a cost: More than one in 10 CISOs reported experiencing a significant security breach causing reputational or financial damage in the past three years. Manual processes, resources and talent deficiencies, and the inability to prioritize threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.
“CISOs are spending an increasing amount on preventing and detecting data breaches, but our research underscores that response is where they should focus,” said Sean Convery, general manager, Security Business Unit, ServiceNow. “Automating and orchestrating security response is the missing link for CISOs to radically increase the effectiveness of their security programs.”
Additional findings of the study include:
- Only 19 percent rate their company as highly effective at preventing security breaches.
- Customers may suffer the most from these gaps: Only 38 percent of CISOs believe they are highly effective at protecting against breaches of customer credit card or financial information.
- More than 25 percent of CISOs say manual processes and a lack of resources are barriers to their organization’s ability to detect and respond to security breaches.
- Just 7 percent of CISOs say their employees have developed the skills necessary to successfully prioritize security threats.
A small group of the overall survey sample (11 percent), titled “Security Response Leaders,” differ from the rest in that they:
- Automate a higher percentage of security activities, including more advanced tasks such as trend reporting.
- Prioritize responses to security alerts based on business criticality.
- Build stronger relationships with IT and other departmental functions.
- Global Research Report here: https://www.servicenow.com/c-suite/ciso.htm
- Case study on Freedom Security Alliance
- For more on Security Incident Response, please visit this site.
ServiceNow commissioned Oxford Economics to survey 300 Chief Information Security Officers. Respondents are based in Australia, France, Germany, Singapore, the United Kingdom and the United States, and represent companies ranging in size from $500 million in revenue to more than $10 billion. The survey was administered via telephone. Founded in 1981 as a joint venture with Oxford University’s business college, Oxford Economics specializes in evidence-based thought leadership, forecasting, and economic impact analysis.
Your enterprise needs to move faster, but lack of process and legacy tools hold you back. Every day, thousands of customer requests, IT incidents, and HR cases follow their own paths—moving back and forth between people, machines and departments. Unstructured. Undocumented. Unimproved for years. With the ServiceNow® System of Action™ you can replace these unstructured work patterns of the past with intelligent workflows of the future. Now every employee, customer and machine can make requests on a single cloud platform. Every department working on these requests can assign and prioritize, collaborate, get down to root cause issues, gain real-time insights and drive to action. Your employees are energized; your service levels improve and you realize game-changing economics. Work at Lightspeed™. To find out how, visit www.servicenow.com.
© 2017 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc., in the United States and/or other countries. Other company and product names may be trademarks of the respective companies with which they are associated.