CEOs Confident But Naive About Cyber Defense Strategies
Cybersecurity analytics solution RedSeal has found that more than 80 percent of CEOs are very confident in their cybersecurity strategies, despite security incidents surging 66 percent year over year since 2009.
"CEOs are underestimating their companies' cyber vulnerabilities," said Ray Rothrock, chairman and CEO of RedSeal. "Their confidence does not square with what we observe. Cyber-attacks are up and financial losses associated with these attacks are increasing dramatically." Specifically, PricewaterhouseCoopers' 2015 Global State of Information Security Survey projected that financial losses from cyber-attacks will jump from $500 billion in 2014 to more than $2 trillion in 2018.
The study found that, while 87 percent of CEOs agree that they need a better way to measure the effectiveness of their cybersecurity investments, 84 percent still plan to increase their spending in the next year. A trend reiterated by IDC's Oct. 2016 prediction that organizations will spend $101.6 billion on cybersecurity software, services, and hardware in 2020, a 38 percent increase from its 2016 spend projections.
"We've reached an inflection point where cyber security strategies and investments have underperformed for an extended period of time. Analysts estimate that cyber losses are now growing more than twice as fast as the spend on security," continued Rothrock. "To stem this tide, CEOs and boards need more effective metrics to understand the real-time health and function of their network, and to more clearly manage and measure their cyber strategies and investments."
Even though security budgets are at an unprecedented high, nearly three out of four CEOs report the metrics they receive lack meaning or context. Most (79 percent) agree their reports are too difficult to understand, and 87 percent need a better way to measure whether cybersecurity investments are effective. In addition, they cite a lack of timeliness (51 percent) as well as only receiving reports in times of crisis (50 percent) as significant challenges.