Most firms unprepared against data breaches
Four in every five (80%) of global security executives surveyed (78% in Singapore) are concerned that detected data breaches go unaddressed, a new survey from ServiceNow shows.
The survey which covered 300 CISOs reveals that about 10% of CISOs reported experiencing a significant security breach causing reputational or financial damage in the past three years.
Manual processes, resources and talent deficiencies, and the inability to prioritize threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.
“Data breaches have a serious impact to businesses in Singapore and across the region. According to the results of this survey, CISOs need to put their focus on the entire process of the security response,” said Jimmy Fitzgerald, VP and GM of ServiceNow Asia Pacific and Japan.
“CISOs must start automating and prioritizing security tasks based on business criticality to ensure that threats are detected and dealt with quicker and more efficiently,” said Fitzgerald.
The survey also found that 18% of CISOs in Singapore (compared to 20% globally) rather their company as highly effective at preventing security breaches.
Two-thirds or 66% (70% globally) of CISOs say it is difficult to prioritize threats based on business criticality.
Customers may suffer the most from these gaps as only 30% of CISOs (38% globally) believe they are highly effective at protecting against customer data breaches.
More than 24% of CISOs (30% globally) say manual processes and a lack of resources are barriers to their organization’s ability to detect, and respond to security breaches.
Just 8% of CISOs (7 percent globally) say their employees have developed the skills necessary to successfully prioritize security threats.
A small group of the overall survey sample (10% in Singapore), titled “Security Response Leaders,” differ from the rest in that they automate a higher percentage of security activities, including more advanced tasks such as trend reporting; prioritize responses to security alerts based on business criticality; and build stronger relationships with IT and other departmental functions.