Mar 28, 2019
Why Do 81% Of CIOs and CISOs Hold Back on Important Security Updates?
By Ryan Kazanciyan
Tackling the challenge of Business Resilience
A resilient organization can depend on its people, processes and technology to quickly adapt to cyberattacks, outages and other forms of disruption. So why do 81% of CIOs and CISOs admit to holding off on important security updates they know are needed to protect their organizations?
Too often, a majority of IT leaders make regular compromises between security and IT operations in an effort to satisfy needs from across the business. Internal politics, “keeping the lights on,” and prioritizing new systems over protecting existing business assets were just some of the reasons cited by over 500 CIOs and CISOs in our just-released Global Resilience Gap study.
As leaders, CIOs and CISOs face pressure from all sides. They must keep organizations continuously compliant, keep critical information secure, manage fleets of networked devices and fulfill the increasingly common executive mandate to make technology an enabler for business growth. But in fragmented environments, where organizations use a range of point products for security and operations and lack full visibility and control, there are regular compromises taking place among these priorities.
As a result, organizations leave themselves open to disruption, and even basic security hygiene gets lost in the shuffle. In the study, 80% of CIOs and CISOs also said that a critical update or patch they thought had been deployed wasn’t actually updated on all devices, leaving their organizations open to attack. With a large percentage of breaches tied to unpatched systems, proper patch compliance must be a top priority, especially with ransomware and other threats still so prevalent.
Time to rebalance your approach to security and operations
Patching challenges are just one example of what happens after too many trade-offs between security and IT operations. So many IT and security leaders are gambling with basic security hygiene. Like many of you, I walked the show floor at this month’s RSA Conference with a mix of curiosity and vendor fatigue: so many shiny logos, selling so many point products using so many buzzwords around AI, or machine learning, or orchestration … but still missing the point that without proper visibility and control, teams can’t unite around a common set of actionable data about their environment.
Head here to receive your copy of our 2019 Global Resilience Gap study, including key recommendations for closing your resilience gap.