Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Fortifying for the future: Insights from the 2014 IBM Chief Information Security Officer Assessment


Published on

The IBM Center for Applied Insights and IBM Security present their annual CISO Assessment, with this year’s edition, Fortifying for the future, focusing on continuing issues for security leaders and how they can better prepare for an uncertain future.

Published in: Technology

Fortifying for the future: Insights from the 2014 IBM Chief Information Security Officer Assessment

  1. 1. Fortifying for the future Insights from the 2014 IBM Chief Information Security Officer Assessment © 2014 IBM Corporation December 2014
  2. 2. The CISO Assessments have chronicled critical and emerging issues for security leaders – while also identifying leading practices to pursue © 2014 IBM Corporation 2 2012 2013 2014 Finding a strategic voice A new standard for security leaders Fortifying for the future Established three archetypes for security leaders – the Responder, the Protector, and the Influencer – and explored their characteristics. Identified practical steps for security leaders to reach the position of Influencer – through business practices, technology, and measurement. Seeks to define the next stage in the evolution of security leadership in order to provide recommendations for the future.
  3. 3. To explore the future of security leadership, we performed 138 in-depth interviews with organizations’ senior-most security leaders 63% of organizations surveyed had a named CISO Countries: US, Canada, UK, Australia, India Industries: Education, Financial Markets, Healthcare Provider, Retail, Telecommunications, Banking, Consumer Products, Production/Manufacturing, Utilities and Energy, Insurance, Media and Entertainment, Travel and Transportation, Electronics, Aerospace and Defense, Agriculture, Automotive, Chemicals, Wholesale, Biotechnology/Life Sciences © 2014 IBM Corporation 3
  4. 4. For the vast majority of security leaders, the world has dramatically changed in the last three years. Leaders are: © 2014 IBM Corporation 4
  5. 5. © 2014 IBM Corporation A large majority of organizations have redefined their view of security over the past three years More influence 90% strongly agree that they have significant influence in their organization 76% say that their degree of influence has significantly increased in the last 3 years Organizational support 71% strongly agree that they are receiving the organizational support that they need Strong internal collaboration 82% participate in strategic/C-suite meetings quarterly or more frequently 62% develop their security strategy in conjunction with other strategies (primarily IT, risk, and operations) 5
  6. 6. © 2014 IBM Corporation The threat is considered so great that many feel like they are losing the fight 83% say that the challenge posed by external threats has increased in the last three years (42% said dramatically) 59% strongly agree that the sophistication of attackers is outstripping the sophistication of their organization’s defenses 40% say that sophisticated external threats are their top current challenge – the number one area overall 6 External threats will require the most organizational effort over the next three to five years – as much as regulations, new technologies, and internal threats combined
  7. 7. © 2014 7 IBM Corporation
  8. 8. © 2014 IBM Corporation To better manage risk, security leaders need to start securing ecosystems, not just their own organizations 8 62% strongly agree that the risk level to their organization is increasing due to the number of interactions and connections with customers, partners, and suppliers 86% think that formal industry-related security organizations will become more necessary in the next 3-5 years – but only 42% are currently members of such organizations today Security leaders are more likely to share threat information with some parties than others
  9. 9. 86% have adopted cloud or have initiatives in the planning stage – of those, three-fourths see their cloud security budget increasing over the next 3-5 years © 2014 IBM Corporation New technology is seen as the primary way to minimize gaps, but emerging areas may need a different approach 9 72% strongly agree that real time security intelligence is becoming increasingly important to their organization Only 45% strongly agree that they have an effective mobile device management approach 54% can not envision new security technologies that are needed beyond what currently exists
  10. 10. While some established capabilities are widely seen as mature, other important areas like mobile and device security need to catch up © 2014 10 IBM Corporation
  11. 11. © 2014 IBM Corporation Regulations and standards will continue to be major factors – but there is great uncertainty over exactly how 79% said the challenge from regulations and standards has increased over the past three years Regulations and standards was the #2 area requiring the most organizational effort to address in the next three to five years (46% put it in their top three) Given possible scenarios for the future, security leaders were most uncertain about whether governments will handle security governance on a national or global level and how transparent they will be Only 22% think that a global approach to combating cybercrime will be agreed upon in the next three to five years 11
  12. 12. There are a number of actions security leaders can take today to begin fortifying their organizations for the future Enhance education and leadership skills Technology skills continue to be important, but pure business skills will take on more importance with security leaders’ growing influence Shore up cloud, mobile, and data security Leaders are not waiting for future technology capabilities to solve their problems, they are focused on deploying today’s security technologies to minimize their gaps Engage in more external collaboration Leaders should make a concerted effort to determine how to build trust and clearly assess the security of their ecosystem Plan for multiple government scenarios Regular dialogue with chief privacy officers and general counsels is essential for leaders to understand what requirements may arise © 2014 IBM Corporation 12
  13. 13. © 2014 IBM Corporation For more information David A. Jarvis Manager, Thought Leadership, IBM Center for Applied Insights
  14. 14. © Copyright IBM Corporation 2014 IBM Corporation New Orchard Road Armonk, NY 10504 Produced in the United States of America December 2014 IBM, the IBM logo and are trademarks of International Business Machines Corporation in the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or TM), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. Other product, company or service names may be trademarks or service marks of others. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. © 2014 14 IIBBMM CCoorrppoorraattiioonn