Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released new research revealing that almost all (93%) of UK CISOs receive more board support after a breach has occurred, yet this largely fails to prevent future incidents.
The “Mind of the CISO: Behind the Breach” research found that over half (58%) of UK CISOs have experienced repeated successful attacks in the past five years. This demonstrates a need for a more proactive approach from the board when it comes to ensuring robust cyber-defence.
Bryan Palmer, Chief Executive Officer of Trellix said: “Raising the urgency and cyber literacy of their own board is one of the CISO’s greatest challenges. The research suggests many boards’ willingness to support cybersecurity only happens after an attack. Clearly, it should be the other way around.”
Boards take a reactive stance in the face of a breach
In the aftermath of a cyber incident, 62% of UK CISOs have received what they describe as “a lot more support” from the board. This is a positive shift when compared to previous findings which reported that the vast majority (96%) of CISOs found it challenging at the time.
- Following a cyber incident, nearly half (47%) of UK CISOs were granted increased budget for additional technology and tools.
- 43% of respondents reported that XDR is increasingly being viewed as an integral tool, with over a third (37%) of UK CISOs reporting turning to XDR to upgrade their current security solutions.
“XDR can actually aggregate and correlate data from multiple sources and, therefore, reduce false positives. We see less alert fatigue in the security teams, and XDR allows us to be proactive rather than defensive and post facto, another big difference,” shared a CISO of a UK company.
Technology limitations found to be a primary point of failure
When identifying the causes behind major cybersecurity incidents, over a third of CISOs cited that the wrong technology or incorrect configuration contributed to failures in detecting an attack and therefore the likelihood of preventing a subsequent breach.
“Technology is always vulnerable and while companies have limited budgets, outside there might be unlimited opportunities for hackers,” said a CISO for a UK insurance company.
- 57% found that this was due to technological limitations inhibiting countermeasure execution, and 42% found that these limitations actively contributed to failures. Manual processes (50%) and disconnected security controls (52%) left procedural gaps, stifling an effective response.
- 47% of CISOs highlighted the inability to respond quickly enough, with siloed security (38%) and poor configurations (45%) being main contributors.
- For organisations not utilising XDR at the time of the incident, 76% felt that it could have lessened the impact; almost all (97%) felt it could have prevented a breach altogether.
- When considering the role of employees, almost half (47%) of UK CISOs cited a gap in knowledge as a core contributor to the breach. 52% noted there were not enough IT skills to deal with the complexity of the incident; with 47% identifying lack of SOC analysts, threat hunters or incident responders.
Fabien Rech, GM and SVP EMEA at Trellix said: “From the malicious use of AI to the surge in nation-state threat activity by 50%, cybercriminals are continuing to sharpen their tools and use a range of techniques to infiltrate businesses. Fortunately, this has only led UK CISOs to become more determined and resilient in their commitment to cybersecurity.
“However, this motivation and confidence can only go so far. CISOs need to have support from the board and executives so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.”
To boost engagement and support for CISOs, Trellix launched its Mind of the CISO initiative earlier this year encompassing a CISO Council, webinars, and research. For more information around the new Mind of the CISO: Behind the Breach findings, the eBook can be found here.
Methodology
The Trellix study, conducted by Vanson Bourne, surveyed more than 500 global CISOs from companies with a minimum of 1,000 employees in the US, Mexico, Brazil, UK, France, Germany, Australia, India, Singapore, UAE, South Africa, Japan, South Korea, and Saudi Arabia. Industries covered include energy and utilities, healthcare, public sectors, manufacturing and production, and financial services. Every respondent experienced at least one cyber incident in the last 5 years.
An ebook is available:
