Most companies unprepared to protect customers against data breaches

A majority (80 percent) of global security executives surveyed (78 percent in Singapore) are concerned that detected data breaches go unaddressed, reveals a survey released by ServiceNow.

This comes at a cost: More than one in 10 CISOs reported experiencing a significant security breach causing reputational or financial damage in the past three years, according to the study “The Global CISO Study: How Leading Organizations Respond to Security Threats and Keep Data Safe.”

Manual processes, resources and talent deficiencies, and the inability to prioritize threats are impairing security response effectiveness. As a result, CISOs are increasing the automation of security tasks to bolster their response and remediation efforts.

“Data breaches have a serious impact to businesses in Singapore and across the region,”  said Jimmy Fitzgerald, Vice President and General Manager, ServiceNow, Asia Pacific and Japan.

“According to the results of this survey, CISOs need to put their focus on the entire process of the security response. CISOs must start automating and prioritizing security tasks based on business criticality to ensure that threats are detected and dealt with quicker and more efficiently.

The study also revealed that 18 percent of Singapore CISOs (compared to 20 percent globally) rate their company as highly effective at preventing security breaches.

Sixty-six percent (compared to 70 percent) of CISOs say it is difficult to prioritize threats based on business criticality.

Customers may suffer the most from these gaps: Only 30 percent of CISOs (compared to 38 percent globally) believe they are highly effective at protecting against customer data breaches.

More than 24 percent of CISOs (compared to 30% globally) say manual processes and a lack of resources are barriers to their organization’s ability to detect, and respond to security breaches.

Just 8 percent of CISOs (compared to 7 percent globally) say their employees have developed the skills necessary to successfully prioritize security threats.

A small group of the overall survey sample (10 percent in Singapore), titled “Security Response Leaders,” differ from the rest in that they:

  • Automate a higher percentage of security activities, including more advanced tasks such as trend reporting.
  • Prioritize responses to security alerts based on business criticality. 
  • Build stronger relationships with IT and other departmental functions.