Reactive Security Strategy Poses Significant Challenge for CISOs
September 19 2017 - 6:00PM
Business Wire
New research from F5 finds only 51% of
companies have an established IT security strategy
Today at Singapore International Cyber Week, F5 Networks
(NASDAQ: FFIV) released a comprehensive report on the evolving
nature of the CISO role and the IT security approaches
organizations around the world are taking in today’s constantly
shifting threat landscape. The report finds that as IT security
increasingly becomes a priority, CISOs’ influence within companies
is growing; however, security strategy in many organizations is
still largely reactive and not yet aligned with business
functions.
Conducted by the Ponemon Institute, the findings are based on
interviews with senior-level IT security professionals at 184
companies in seven countries: The United States, the United
Kingdom, Germany, Brazil, Mexico, India, and China.
“This research provides a unique view into how CISOs are
operating in today’s challenging environment,” said Mike
Convertino, Chief Information Security Officer at F5. “It’s clear
CISOs are making progress in how they drive the security function
and the leadership role they are assuming within companies. But in
many organizations, IT security is not yet playing the strategic,
proactive role necessary to fully protect assets and defend against
increasingly sophisticated and frequent attacks.”
Key Findings
- Responsibility growing for CISOs
– Although CISOs have varying degrees of influence among upper
management in their organizations, most CISOs are influential in
managing their companies’ cybersecurity risks, and their impact is
growing. Sixty-eight percent of respondents say CISOs have the
final say in all IT security spending, while a slightly smaller
number (64%) say they have direct influence and authority over all
security expenditures in their organizations. Eighty-seven percent
of respondents say the IT security budget has increased
significantly (18%), increased some (29%), or has not changed
(40%).
- Alignment lacking with business
– An IT security strategy that spans the entire company is
still very rare. Fifty-eight percent of respondents indicate IT
security is a standalone function and only 22% say security is
integrated with other business teams, while 45% say their security
function does not have clearly defined lines of responsibility.
Seventy-five percent of respondents say that due to the lack of
integration with business functions, turf and silo issues have
either a significant influence (36%) or some influence (39%) on IT
security tactics and strategies.
- Recognition of security as a
business priority is reactive – Sixty percent of respondents
believe their organizations consider security to be a business
priority, yet only 51% say their organization has an IT security
strategy, and of those only 43% say that strategy is reviewed,
approved, and supported by other C-level executives. The findings
indicate that change in security programs is largely reactive, with
material data breaches (45%) and cybersecurity exploits (43%) the
top two events that get attention from other senior
executives.
- Crises driving influence with
executive leadership – Sixty-five percent of respondents say
CISOs communicate directly with senior executives, but rarely is it
strategic discussion of all threats to the organization.
Respondents also acknowledged limited executive communication
around security events, with 46% stating that only material data
breaches and cyber attacks are reported to the CEO and board of
directors, while just 19% report all data breaches to this
group.
- AI is a potential solution to
staffing needs – A talent shortage in IT security continues to
loom large for CISOs. The average headcount of IT security
personnel will increase from 19 to 32 full-time (or equivalent)
employees over the next two years, with nearly half (42%) feeling
their current staffing is not adequate. Fifty-eight percent say
they have difficulty hiring qualified security personnel, with the
biggest challenges identifying and recruiting qualified candidates
(56%) and an inability to offer a market-level salary (48%). These
challenges are pushing companies to look elsewhere for solutions –
half of respondents (50%) believe computer learning and artificial
intelligence can address staffing shortages, and 70% believe these
technologies will be important to their IT security functions in
two years.
Additional Resources
- Mike Convertino blog and full
report
About F5
F5 (NASDAQ: FFIV) makes apps go faster, smarter, and safer for
the world’s largest businesses, service providers, governments, and
consumer brands. F5 delivers cloud and security solutions that
enable organizations to embrace the application infrastructure they
choose without sacrificing speed and control. For more information,
go to f5.com. You can also follow @f5networks on
Twitter or visit us
on LinkedIn and Facebook for more information
about F5, its partners, and technologies.
F5 is a trademark of F5 Networks, Inc., in the U.S. and other
countries. All other product and company names herein may be
trademarks of their respective owners.
This press release may contain forward looking statements
relating to future events or future financial performance that
involve risks and uncertainties. Such statements can be identified
by terminology such as "may," "will," "should," "expects," "plans,"
"anticipates," "believes," "estimates," "predicts," "potential," or
"continue," or the negative of such terms or comparable terms.
These statements are only predictions and actual results could
differ materially from those anticipated in these statements based
upon a number of factors including those identified in the
company's filings with the SEC.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20170919006547/en/
F5 NetworksNathan Misner, 206-272-7494n.misner@f5.comorWE
CommunicationsHolly Lancaster,
415-547-7054hluka@we-worldwide.com
F5 (NASDAQ:FFIV)
Historical Stock Chart
From Mar 2024 to Apr 2024
F5 (NASDAQ:FFIV)
Historical Stock Chart
From Apr 2023 to Apr 2024