SAN JOSE, Calif.--(BUSINESS WIRE)--Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released new research as part of the company’s Mind of the CISO initiative. Trellix’s ‘Mind of the CISO: Behind the Breach’ research surveyed global Chief Information Security Officers (CISOs) across major industries to better understand the unique challenges faced after experiencing a cyber attack.
“Raising the urgency and cyber literacy of their own board is one of the CISO’s greatest challenges,” said Bryan Palma, CEO of Trellix. “The research suggests many boards’ willingness to support cybersecurity only happens after an attack. Clearly, it should be the other way around.”
The research reveals what CISOs face in the aftermath of a cyber incident:
- CISOs remain reactive until boards become proactive. 95% of CISOs receive more support from the board following an attack – with 46% receiving an increased budget for additional technology, 42% revising their overall security strategy, 41% implementing new frameworks and standards, and 38% creating new jobs and responsibilities after an attack.
"The biggest learning is the awareness had to be raised at the board level…unfortunately, it had to take an incident to do so,” shared a CISO of an Australian government agency.
- CISOs face attacks from all angles. Data theft attacks (48%), malware (43%), and DDoS attacks (37%) are most commonplace.
- XDR is a viable threat prevention solution. At least 92% of respondents agree improvement is needed across people, processes, and technology after experiencing a major cyber incident. Further, 95% believe if their organization had implemented XDR, the major cybersecurity event they experienced would have been prevented.
"XDR can actually aggregate and correlate data from multiple sources and, therefore, reduce false positives. We see less alert fatigue in the security teams, and XDR allows us to be proactive rather than defensive and post facto, another big difference,” shared a CISO of a UK company.
- Hidden consequences of cyber incidents impact organizations the most. Consequences with clear costs, such as revenue loss and rising insurance premiums, were not reported as having the biggest impact. Instead, top impacts include data loss (42%), significant stress to their SecOps teams (41%), and declining reputation (39%) as the key factors negatively impacting their organizations.
“Experiencing a cyber incident reinforced the concept that we need to be ever-vigilant, and no matter how secure we think we’ve gotten things, no matter how many tools we have in place, it’s a constant battle,” shared a CISO of a U.S.-based manufacturing company.
To increase engagement among and support for CISOs, Trellix launched its Mind of the CISO initiative earlier this year, encompassing a CISO Council, webinars, and research. For more on these new findings, Trellix’s ‘Mind of the CISO: Behind the Breach’ eBook can be found here.
Methodology
The Trellix study, conducted by Vanson Bourne, surveyed more than 500 global CISOs from companies with a minimum of 1,000 employees in the U.S., Mexico, Brazil, UK, France, Germany, Australia, India, Singapore, UAE, South Africa, Japan, and South Korea. Industries include energy and utilities, healthcare, public sectors, manufacturing and production, and financial services. Every respondent experienced at least one cyber incident in the last five years.
About Trellix
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security. More at https://trellix.com.