As a CISO, where do you see your organization going this year? Perhaps some 20/20 vision could help?
If you can forgive the pun, I’m delighted to announce Cisco’s 2020 CISO Benchmark Report. This year we have combined our current standing in the Gregorian calendar with the notion of perfect eyesight. The end result is 20 recommendations for 2020, which can help security leaders achieve the vision they want for their organization.
We know that life can be tough for a CISO. It’s a role that is arguably right up there with the CEO in terms of responsibility and accountability, and the demands are eternally shifting. There are no defined boundaries as to what a CISO needs to address, from security operations, risk management to compliance mandates and beyond.
Security is boundless. It permeates everything in the organization. That is why – as a CISO – not only are you the person whose job is on the line for every data breach, you also need to be able to influence several departments in addition to the C-suite and board of directors.
And, of course, CISOs are also able to set a strategy that ensures cybersecurity can be a business enabler, and even a business winner. We’ve seen examples of a strong security posture deliver dividends when it comes to due diligence in the sales process.
The most successful CISOs try to knock down siloes to achieve effective protection everywhere. That means thinking big picture on security strategy, while talking in bits and bytes to your technology teams, and talking in debits and credits to your board members.
About the report
To help you achieve your 2020 vision, our annual CISO Benchmark Report contains contextually useful information for any security leader today. From how to influence the board and what reporting metrics are useful for them, to what causes downtime, and how to deal with complexity.
To compile this report, we surveyed 2800 security leaders globally to inform us about what they experienced in the previous year in their roles. Then we interviewed current and former CISOs to augment the data with expertise and opinion on leading practices. We posed questions such as:
- What considerations drive security budgets and spending?
- How do you balance spending on trust verification and threat detection?
- How much downtime did you experience?
- What types of threats has your organization faced?
For a detailed overview on these questions and more, be sure to download the CISO Benchmark Report today.
Here are some of the highlights:
- Security leaders who had established clear security outcome objectives or metrics were less likely to experience cyber fatigue. It seems that clear metrics help you sleep better at night.
- Brand reputation has climbed over the years as an area of the business affected by a security breach – brand reputation is now the second-most impacted business area after operations.
- Voluntary breach disclosure is at an all-time high.
- Those who were very/extremely collaborative between security and networking, or endpoint management and security groups, showed significantly lower breach costs.
- Forty six percent of organizations (up from 30 percent in last year’s report) had an incident caused by an unpatched vulnerability.
- Malware and malicious spam come in as the first- and second-most commonly cited causes of breach. Ransomware is responsible for causing the most destructive amount of downtime (more than 17 hours) and also doesn’t discriminate – this is the case for both small-to-medium businesses and large enterprises.
We’ve also provided key insights throughout the report from CISOs and security leaders, such as this one from Mick Jenkins, CISO for Brunel University London on the CISO’s role with executive leadership and the board:
“Every organization is different in terms of the executive makeup and there are many different styles
of executive leadership. The role of a CISO is to break through into that, have conversations, and engage
with the business by demonstrating that well-designed security will give value back to the business.”
Also new this year are key topics to ask about as you prepare to raise your organization’s security posture. If these questions resonate with you, or provoke additional areas of inquiry, we’d love to hear from you at firstname.lastname@example.org.