Tellingly, our recent survey found that 56 percent of respondents (over half) have experienced a significant security event (breach, intrusion, malware infection, etc.) in the past year. Ninety-four percent of respondents said they know they have further to go to implement effective security. And 43 percent admit that they sometimes have to take shortcuts when dealing with security issues – such as completely wiping an infected endpoint rather than surgically removing the malware. (See Figure 1.)
But it’s not all bad news. Ninety-five percent of respondents said they can efficiently identify which data and systems within their organization require the highest levels of protection – a good start! So why are they still struggling? Is it about the money? Or are other factors at play?
Cisco’s Head of Advisory CISOs, Wendy Nather, calls out the following four factors that can affect security success:
Nather famously coined the term “security poverty line” several years ago to initiate this discussion. She also authored two reports on the topic while serving as a research director at 451 Research: “Living Below the Security Poverty Line” in 2011 and “The Real Cost of Security” in 2013.
“Based on my previous experience as a CISO in both the public and private sectors, I know there are plenty of organizations that struggle with security,” says Nather. “There are many dynamics to security challenges beyond just money – such that an organization spending millions could still be doing poorly in security, while an organization with a smaller budget could have sufficient defenses based on its specific needs.”