Summary Bullets:
• Security resilience, defined as the ability to protect the integrity of every aspect of the business against threats and unexpected conditions, is a top priority for 96% of the 4,751 enterprise organizations surveyed in recent Cisco-sponsored research.
• Of the enterprises queried, 41% report that there had been a major security incident or loss within the last two years.
In a time where enterprise risk is omnipresent, IT professionals operate in a heightened state of alert. Organizations are cognizant of the fact that they are not only being targeted by cybercriminals, but that an intrusion is more likely than not to occur. With this in mind, Cisco conducted its third annual Security Outcomes research to get a sense of what is working for organizations as they strategize to defend their enterprises against a relentless threat environment. The high-level takeaway is that IT departments are making powering through security incidents (not just recovering from them) a top priority, with 96% of the 4,700 surveyed organizations calling cyber resilience a crucial concern for their business.
More than half of the surveyed organizations say they had suffered an incident that interrupted business operations, reported network and/or data breaches, and experienced network and/or system outages. Ransomware-related and DDoS attacks were the next most-frequently named events, each impacting about 46%.
These incidents affected operations in a number of ways. More than 60% say the events had disrupted communications and IT operations. About 43% say events had interfered with supply chain operations. Internal operations had been interrupted for 41% of the surveyed organizations. Nearly 40% say security incidents had a lasting negative impact on their corporate brand.
A major takeaway from the survey findings is that security resilience is determined by a number of factors around effective policies, best practices, and a strong security infrastructure based on a zero trust architectural approach. Having executive buy-in with respect to both investment and practices is essential to achieving a high level of resilience, with those organizations earning a 39% higher resilience score than their counterparts with limited backing. An important part of this investment is in staffing. Enterprises with sufficient personnel resources have scored a 15% higher resilience outcome than those with staffing limitations.
Some of the challenges associated with security resilience are related to the complexity or transitory nature of enterprise infrastructures. Those who either described their infrastructure as primarily on-premises or mostly cloud-based had almost equally high resilience outcomes. But organizations in the early stages of migrating to the cloud had scored significantly lower.
Security technology also obviously plays an important part in achieving a high level of security resilience. Organizations that had deployed a complete zero trust architectural model have scored 30% higher than those without. Integrating network and security together via a SASE model has helped enterprises drive 27% better resilience scores.
Ultimately, approaching security as an essential element to maintaining operational stability and consistency is not only pragmatic but also should produce better results. These outcomes will be demonstrated through increased productivity, better performance, and greater efficiencies.