Cisco Eyes Most Impactful Security Practices

December 3, 2020

Cisco published its 2021 Security Outcomes Study, offering actionable insights for practitioners deciding where to focus their efforts in the year ahead. The double-blind, independently analyzed survey of 4,800 security, IT and privacy professionals across 25 countries pulls back the curtain on what specific practices foster greater security. The results offer security teams a blueprint for success beyond managing risk, but also enabling the business and operating efficiently.

The survey revealed that change is a primary factor in cybersecurity success. On average, programs that include a proactive, best-of-breed tech refresh strategy are 12.7% more likely to report overall security success – the highest of any practice. Unfortunately, not all organizations have the budget or expertise to make this happen, also known as the “Security Bottom Line.” A strategy to migrate to cloud and SaaS security solutions can help close this gap. Subscription-based solutions are affordable, easy to deploy and integrate, while automatic updates ensure the technology is continually modernized without additional cost or effort.

Other key findings from the report include:

A well-integrated technology stack is the second most important factor for cybersecurity success. It has a positive impact on nearly every outcome evaluated, increasing the probability of overall success by an average of 10.5%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology and avoid burnout.

Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Instead of traditional security training programs, which did not correlate with positive culture, invest in technology that is flexible and frictionless.

As a standalone practice, simply knowing potential cyber risks appears to correlate the least with overall success. This seems surprising, but points to the importance of a comprehensive threat intelligence and incident management program with the ability to both mitigate and remediate. In fact, practices such as timely incident response and accurate threat detection correlate much more strongly with overall security success.

“Security practitioners need to make fast, informed decisions. Yet they are often armed with dozens of tools from multiple vendors, requiring a fair amount of duct tape to get them to work together. This creates complexity, cost, and overhead,” said Mike Hanley, Chief Information Security Officer at Cisco. “Cisco’s 2021 Security Outcomes Study helps teams prioritize practices that not only secure the business, but also play a significant role in enabling its growth and success. Even in the face of an ever-changing threat landscape and shrinking budgets, successful security outcomes are possible.”