Security teams who proactively refresh their technology have the most success across the board, highlighting the importance of cloud and software as a service (SaaS) solutions
Implementing well-integrated security technologies is inextricably linked to attracting and retaining the best talent
Trainings alone are not the most effective way to establish a successful company-wide security culture
Cisco today published its 2021 Security Outcomes Study, offering actionable insights for practitioners deciding where to focus their efforts in the year ahead. The double-blind, independently analyzed survey of 4,800 security, IT and privacy professionals across 25 countries pulls back the curtain on what specific practices foster greater security. The results offer security teams a blueprint for success beyond managing risk, but also enabling the business and operating efficiently.
The survey revealed that change is a primary factor in cybersecurity success. On average, programs that include a proactive, best-of-breed tech refresh strategy are 12.7% more likely to report overall security success – the highest of any practice. Unfortunately, not all organizations have the budget or expertise to make this happen, also known as the "Security Bottom Line." A strategy to migrate to cloud and SaaS security solutions can help close this gap. Subscription-based solutions are affordable, easy to deploy and integrate, while automatic updates ensure the technology is continually modernized without additional cost or effort.
Other key findings from the report include:
A well-integrated technology stack is the second most important factor for cybersecurity success. It has a positive impact on nearly every outcome evaluated, increasing the probability of overall success by an average of 10.5%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology and avoid burnout.
Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Instead of traditional security training programs, which did not correlate with positive culture, invest in technology that is flexible and frictionless.
As a standalone practice, simply knowing potential cyber risks appears to correlate the least with overall success. This seems surprising, but points to the importance of a comprehensive threat intelligence and incident management program with the ability to both mitigate and remediate. In fact, practices such as timely incident response and accurate threat detection correlate much more strongly with overall security success.
"Security practitioners need to make fast, informed decisions. Yet they are often armed with dozens of tools from multiple vendors, requiring a fair amount of duct tape to get them to work together. This creates complexity, cost, and overhead," said Mike Hanley, Chief Information Security Officer at Cisco. "Cisco's 2021 Security Outcomes Study helps teams prioritize practices that not only secure the business, but also play a significant role in enabling its growth and success. Even in the face of an ever-changing threat landscape and shrinking budgets, successful security outcomes are possible."
Cisco (NASDAQ: CSCO) is the worldwide leader in technology that powers the Internet. Cisco inspires new possibilities by reimagining your applications, securing your data, transforming your infrastructure, and empowering your teams for a global and inclusive future. Discover more on The Network and follow us on Twitter.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.