69% of senior security and IT executives say digital transformation is forcing fundamental changes to existing cybersecurity strategies, according to BMC and Forbes Insights. Financial and customer information, brand reputation, intellectual property, and employee information were also listed as critical assets to protect against security breaches.
Areas that will see the highest investment in the coming year
New business priorities and technologies also create challenges for IT and security teams, with 65% of respondents indicating that public clouds have the biggest security implications.
The results of the survey of more than 300 C-level executives in North America and Europe also found that security transformation impacts both the technology choices enterprises make to ward off cyber thieves and the way companies organize internal stakeholders, assess risk, and prioritize future investments.
The central theme in this year’s report is the mandate for accountability and information sharing that must be addressed across different organizations, with a focus on prevention, detection, and incident response – or run the risk of falling prey to continued attacks. In fact, 52% of respondents indicate that accountability for security breaches has increased for their operations teams.
“Make no mistake, cybersecurity is a critical initiative across the board. Every company, government, and society is seeking new innovative paths to drive our digital future, but all are battling increased threats from phishing, ransomware, and known vulnerabilities,” said Bill Berutti, president of security and compliance at BMC.
Prioritize for maximum impact
In 2016, enterprises placed greater emphasis on vulnerability discovery and breach remediation as a way to make themselves less attractive to hackers. Enterprises are prioritizing the neutralization of known risks, with 64% of respondents indicating they plan to prioritize protecting against and responding to known security threats in the next 12 months.
Effective execution of known risks will enable teams to then focus on the unknown risks, or unplanned activities. Sixty-eight percent plan to enhance incident response capabilities in the next 12 months. The guiding principle is that enterprises should avoid as many incidents as possible by eradicating the known risks with systematic and effective execution, allowing them to focus the best resources at driving out any intruders that nevertheless find a way in.
As digital transformation pushes IT and security leaders to reevaluate their cybersecurity strategies, it is also impacting overall enterprise spending priorities. Seventy-four percent of CIOs and CSOs say security was a higher priority in 2016 than in the previous year. A decisive 82% of executives plan to invest more in security in the coming year, recognizing that company boards are more willing to increase in security investments if proposals come with solid business cases.
How has the role of the operations team changed with respect to the following?
Cybersecurity Playbook Recommendations
Based on the results, BMC recommends enterprises act now or leave corporate assets vulnerable to hackers and includes the following actions to close the SecOps gap in the digital age:
- Create a modern cybersecurity strategy backed by a solid business model, including spending proposals that target security spending in areas of greatest impact.
- Increase efforts to secure mission-critical assets. Devote additional personnel and technology to ensure the enterprise is secure.
- Develop an enterprise-wide culture of security that includes key stakeholders like the line of business owners who can help reduce “weak link” security gaps.