CISOs point to a growing trend of infosec vendor consolidation

1 Mar 2019


A smaller number of vendors amounts to less complexity in what is already a complicated threat environment.

Chief information security officers (CISOs) are following a trend of reducing the number of security vendors they use, according to the latest Cisco 2019 Benchmark Study.

The annual survey found that complex security environments made up of solutions from 10 or more security vendors could be hampering security professionals’ visibility across their environments.


65pc of respondents do not find it easy to determine the scope of a compromise, contain it and remediate from exploits. The unknown threats that exist outside the enterprise in the form of users, data, devices and apps are also a top concern for CISOs.

The study of more than 3,000 security leaders in 18 countries found that 44pc have increased their investment in security defence technologies, 39pc have conducted security awareness among employees and 39pc have focused on implementing risk mitigation techniques.

Survey respondents also noted the continued high financial impact of breaches. 45pc reported that the financial impact of a breach to their organisation was more than $500,000.

The good news is that more than 50pc of respondents are driving breach costs below half a million dollars. A stubborn 8pc, however, claim a whopping cost of more than $5m per incident for their most significant breach of the past year.

Proactive defence

“This year more than ever, CISOs are taking a much more proactive role in reducing their exposure through consolidation and training, as well as investments in critical technologies for cyber defence and breach containment, but there is still more to do,” said Steve Martino, senior vice-president and CISO at Cisco.

“You can’t protect what you can’t see, and security leaders are still struggling to gain greater visibility across their organisation and into threats. Cisco is committed to helping organisations address these challenges and implement new techniques and technology to stay one step ahead of malicious actors and threats.”

Key takeaways from the latest study indicate that the most collaborative teams lose the least money and that the elimination of silos results in a tangible financial upside. 59pc of those who stated that their networking and security teams were very/extremely collaborative also stated that the financial impact from their most serious breach was under $100,000 – the lowest category of breach cost in the survey.

Another takeaway is that AI and machine learning, used right, are essential to the initial stages of alert prioritisation and management. However, reliance on these technologies has decreased as respondents possibly perceive the tools to be still in their infancy or not ready for prime time.

Employees and users continue to be the biggest protection challenge for CISOs. They say that having an organisational process that starts with security awareness training on day one is essential, but only 51pc rate themselves as doing an excellent job of managing employee security through comprehensive onboarding and processes for transfers and departures.

Phishing and risky user behaviour – most likely clicking malicious links in email or websites – remain as top concerns for CISOs. The perception of this risk has held steady for the past three years between 56pc and 57pc of respondents.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years