A new survey from Forbes of 209 chief security officers, Making Tough Choices: How CISOs Manage Escalating Threats And Limited Resources, concludes that “CISOs live in a world where cyber risk is almost certain to escalate. They also operate in an enterprise in which security resources are unlikely to keep up in this arms race.”
The number one priority for cyber defense among the CISOs surveyed was protecting the “crown jewels” of brand and customer data. The biggest roadblocks to security? 36% said lack of budget, 35% said lack of a central cybersecurity strategy and 35% cited lack of support from senior management.
“There’s no single good answer for where you should focus your budgets,” Forbes quotes Dawn Cappelli, VP, global security and chief information security officer at Rockwell Automation. “I believe you should take a structured approach to look at the whole big picture and then prioritize based on risk.”
Prioritization based on risk wasn’t a focus of the Forbes survey, but Cappelli’s insight applies across the board to the CISO concerns covered.
When it comes to…
- Identifying crown jewel assets and assessing security investments to protect them
- Justifying budget
- Organizing cybersecurity strategy
- Winning board and management support
…quantitative cyber risk analysis produces results in the financial terms that the rest of the business understands. Using the RiskLens platform, powered by Factor Analysis of Information Risk – the FAIR model – for cyber risk quantification, forward-looking CISOs are making those tough choices based on reliable estimates of cyber risk and financial return on investment in cybersecurity.