The report suggests that enterprises are clinging to outdated security approaches focusing on endpoints and the network perimeter, when they would be better served by a data-driven strategy that would concentrate on securing the information itself through encryption and other tactics.
"To a large extent," Bekker writes, "both security vendors and enterprises are like generals fighting the last war."
Cates says that some of the challenge is organizational. Too often, he says, CIOs and CISOs work at cross purposes, with the former rushing to push out new technologies to support the business side of the enterprise, while the marginalized security unit operates in a vacuum.
"I think, in general, security teams in large organizations are misaligned with the business," Cates says. "There needs to be an alignment there."
Sign up for CIO Asia eNewsletters.