January 17, 2017
survey has revealed that 69% of senior security and IT
executives say digital transformation is forcing fundamental
changes to existing cybersecurity strategies. Financial and
customer information, brand reputation, intellectual property,
and employee information were also listed as critical assets to
protect against security breaches. New business priorities and
technologies also create challenges for IT and security teams,
with 65% of respondents indicating that public clouds have the
biggest security implications.
The results of the survey of more than 300 C-level executives in
North America and Europe also found that security transformation
impacts both the technology choices enterprises make to ward off
cyber thieves and the way companies organize internal
stakeholders, assess risk, and prioritize future investments.
The central theme in this year’s report is the mandate for
accountability and information sharing that must be addressed
across different organizations, with a focus on prevention,
detection, and incident response – or run the risk of falling
prey to continued attacks. In fact, 52% of respondents indicate
that accountability for security breaches has increased for
their operations teams.
“Make no mistake, cybersecurity is a critical initiative across
the board. Every company, government, and society is seeking new
innovative paths to drive our digital future, but all are
battling increased threats from phishing, ransomware, and known
vulnerabilities,” said Bill Berutti, president of security and
compliance at BMC. “Businesses need to tear down security and
operations walls – or keep getting hacked. BMC is continuing to
deliver highly sophisticated SecOps solutions that are
illustrating our commitment and leadership in addressing these
top customer priorities.”
“The biggest fear of the CIOs and CISOs I speak to is seeing
their companies on the front page of The Wall Street Journal
because they’ve had a massive breach,” says Sean Pike, program
vice president for security products at IDC.
Prioritize for Maximum Impact
In 2016, enterprises placed greater emphasis on vulnerability
discovery and breach remediation as a way to make themselves
less attractive to hackers. Enterprises are prioritizing the
neutralization of known risks, with 64% of respondents
indicating they plan to prioritize protecting against and
responding to known security threats in the next 12 months.
Effectively addressing known risks will then enable teams to
focus on the unknown risks, or unplanned activities. Sixty-eight
percent plan to enhance incident response capabilities in the
next 12 months. The guiding principle is that enterprises should
avoid as many incidents as possible by eradicating the known
risks with systematic and effective execution, allowing them to
focus the best resources at driving out any intruders that
nevertheless find a way in.
As digital transformation pushes IT and security leaders to
reevaluate their cybersecurity strategies, it is also impacting
overall enterprise spending priorities. Seventy-four percent of
CIOs and CSOs say security was a higher priority in 2016 than in
the previous year. A decisive 82% of executives plan to invest
more in security in the coming year, recognizing that company
boards are more willing to increase security investments if
proposals come with solid business cases.
Cybersecurity Playbook Recommendations
Based on the results, BMC recommends that enterprises act now or
leave corporate assets vulnerable to hackers, and lists the
following actions to close the SecOps gap in the digital age:
• Create a modern cybersecurity strategy backed by a solid
business model, including spending proposals that target
security spending in areas of greatest impact.
• Increase efforts to secure mission-critical assets. Devote
additional personnel and technology to ensure the enterprise is
• Develop an enterprise-wide culture of security that includes
key stakeholders like the line of business owners who can help
reduce “weak link” security gaps.