New CSO Benchmark Reveals Security Priorities.

Read More



New CSO Benchmark Reveals Security Priorities

A benchmarking exercise for business and technology leaders across Australia and New Zealand aims to enable CIOs to better allocate and manage cyber security resources.

The CISO Lens Benchmark 2019 drew on responses from 58 organisations that between them employ close to 1 million people and that spent more than A$18 billion on ICT in 2019. Fifty were from Australia, eight from New Zealand. Among them they had more than 3,000 full-time security employees.

Show Full Article

Register Now!
For FREE.

Are you looking for VA's? Want to hire a Virtual Assistant? You're just one step away. Our system will help you get the right Assistant for your Business. It's easy and relaible way of getting connected with an Assistant. Register Now.
- or -
Are you an Assistant? Want to offer your service virtually? Register as a Company and get connected to clients.


The Virtual List process is Simple! Want to know how?
Simply register and post your task sample as requirement on Request Quote tab, when you are looking to hire a Virtual Assistant Company.
And, when you are offering your VA services. Register and Send Quotes on the submitted request. It is just that simple. Prospects will review your proposal and get in touch directly.
Disclaimer: We do not charge any type of commission or fees for the service.
Our service is Free.

The benchmarking was undertaken by CISO Lens, a forum for CISOs of large Australian and New Zealand organisations.

Key findings on security facts and figures

Average spend. The average security spend was A$2,412 per full-time employee, but technology companies spent A$4,252 and financial organisations A$3,248.

CISO Lens managing director James Turner also flagged the breakdown of security spend between capex (32 percent) and opex (68 percent) and between ‘projects’ (40 percent) and ‘business as usual’ (60 percent). “What a lot of organisations do, particularly if they’re run by an extremely technical CIO, is they'll buy a tool but then forget that they'll actually need to maintain it through time. That means staff need to be trained, staff need to be given the time to extract value from the tool. And if a staff member moves on, they need other staff to be trained.

“That's the big 60 percent. But then there's the 40 percent projects … keeping up with what everyone else is doing. The criminals don't just sit back and say, ‘That’s it, we’re done for the year. We'll see you again in 2021.’”

All but two of the CSOs provided their security spend for the forthcoming 12 months, A$1.1 billion in total. The largest eight made up 51 percent of the total. Sixty-five percent expected to increase budget in the next year. The average increase reported was 18 percent. Security budgets averaged 6.3 percent of total IT budgets.

cisolens2019 prioritiesCISO Lens 2019 public report

Percentages add up to more than 100 percent because respondents were asked for their top three priorities. The yellow categories has the most nominations as No. 1 priorities.

Top priorities. Respondenets were asked to name their top three priorities. Identity and access management (IAM) and operational technology (OT) — including internet of things — are highlighted due to the high priority participants gave them. OT had the highest level of participants nominating it as their No. 1 priority. IAM was the second highest for being nominated as the No. 1 priority, and it also had the highest rate of No. 2 nominations.

CSO position. The benchmark identified one of its key finding as the level of the CSO in the company hierarchy. It found 43 percent of CSOs reporting to a CIO, CTO or COO who reported direct to the CEO.

“Fifty-eight percent of respondents were one step or less removed from the CEO. This is a clear statement from these organisations on the importance of making expert advice easily — and continually — available to the executive. … [and] 43 percent of the benchmark participants were reporting to a CIO/CTO/CDO that was reporting directly to the CEO. … This is important because it is an indicator that in these organisations both technology and security are likely viewed as strategic capabilities,” the report said.

Turner said breaks in this chain could have dire consequences for cyber security. “I saw one horrible instance where the CISO was reporting to the CIO who was reporting to the CEO. Then the CIO brought in someone between them, and that new executive’s sole KPI, which would equate to 80 percent their salary, was based on cost reduction. You can imagine how that turned out for the poor CISO.”

Outsourcing panned. The study identified what it said was “most surprising finding” as being dissatisfaction with outsourcing. Those organisations that reported insourcing as their primary approach were broadly satisfied Half of those outsourcing either for outcomes or resources) planned to increase their insourced capability in some way.

“The implication for the industry is that a substantial number of organisations are looking to improve their internal capabilities with more people, and they are all fishing from the same pond,” the report said. “There is a clear requirement for ongoing talent pipeline development — both young people coming into the workforce, as well as searching across professional domains for people with aptitude and transferable skills.”

Top security vendors. Respondents were asked to list their top five vendors that helped support the security and resilience of their organisation. The four that received the most nominations were:

  • Symantec: 21 nominations. The benchmarking was undertaken before official disclosure of Broadcom’s acquisition of Symantec.
  • Microsoft: 20 nominations
  • Cisco Systems: 11 nominations.
  • Amazon Web Services (AWS): 9 nominations
  • Background on the report

    Turner said the report was not meant to be statistically significant. “It is highly representative of an extremely small group ... [but] these are the companies that have taken the time and resources to create [the CSO/CISO] role and, usually, the team underneath them and all the reporting structures and governance that gets wrapped around that.”

    The 2019 benchmarking grew from a smaller exercise CISO Lens undertook in 2018 with the CISOs of 11 critical infrastructure organisations. “The data [from the first benchmark] kept on coming up in conversations with CIOs. ‘Are we spending enough, too much or not enough?’” Turner said. “That's one of their burning questions. Boards are particularly interested because they want to know that they're doing the right thing. … You'll often get CEOs and CFOs saying; ‘Where’s the baseline? We want to be just behind that.’”

    Participating CISO received a more comprehensive version of the benchmarking report late last year. “[The participating CISOs] are happy for me to release this public version because they recognise there are other organisations out there that still need to be putting up a good response to cyber risk,” Turner told CSO Australia.

    Turner runs a CIO group, the CIO Cyber Risk Network, on behalf of research and advisory firm IBRS.

    Copyright © 2020 IDG Communications, Inc.


    Thank you for your valuable time considering TheVirtualList.com as your Virtual Assistant Community Forum. The team has curated more valuable news on "New CSO Benchmark Reveals Security Priorities". Are you excited and wanna learn more! Excellent here are more articles on Outsourcing Business In Australia.

    NEWS & ARTICLES

    News and Articles on Virtual Assistants.