New Research Report: Key Metrics to Defend Against Threats: The CISO Perspective
What are the major challenges faced by CISOs and security leaders as they address cyber risk at the board level? We conducted the survey to gain a greater understanding of how CISOs are measuring and evaluating potential threats, speaking directly with over 200 CISOs across a wide range of industries in the United States and Canada.
Aspects highlighted in the survey included evaluating what metrics CISOs are measuring and how they are assessing cyber risk across multiple areas, such as incident response, vulnerability patching, and phishing simulations, as well as the overall impact of various cyber risk management strategies.
Some key findings from our research report include:
89% of CISOs measure the maturity and performance of their full security program at least once each quarter, and more than half of CISOs measure monthly. The right technology can simplify and automate a heavily manual task for today’s CISOs.
33% of CISOs are not working towards a same-day Mean Time to Detect (MTTD), and do not have an SLA to start working on mitigating risk within 8 hours of a breach.
With the average SLA for patching and resolving critical vulnerabilities remaining at 16.3 days, attackers have a favorable landscape to launch attacks and deepen their foothold.
The average Mean Time to Respond (MTTR) that CISOs report is 9 hours, with the IT industry being the fastest to respond to threats, in under 7.4 hours.
The Financial Services industry, which many expect to be ahead of the curve in security, is actually at 9.3 hours.
“As cyber threats continue to evolve at an unprecedented pace and regulations demand more involvement from CISOs at the board level, understanding how security leaders evaluate and measure their security programs is crucial to fortifying an organization’s security posture. Our survey sheds light on critical benchmarks in the industry, revealing both areas of strength and serious opportunities for improvement,” said Sivan Tehila, Onyxia’s CEO and Founder. “These findings indicate a pressing need for CISOs to adopt new technologies like streamlined security management platforms that not only automate their ability to assess program performance but also enhance their ability to safeguard their organizations against evolving threats.”
The Onyxia survey was conducted out of a pool of 200 CISOs, with 80% residing in the United States and 20% in Canada. All CISOs have 3 or more years of experience in their role and currently work at companies with more than 100-1000+ employees. Respondents were split across all industries, with the exclusion of non-profits. The report was administered online by a third-party global research firm, with all responses collected within the month of June 2023.