The survey found that enterprises in 2016 were placing more emphasis on vulnerability discovery and breach remediation. Sixty-four percent of respondents said they plan to prioritize protecting against and responding to known security threats in the next 12 months, and 43 percent said they will make timely patching and remediation a higher priority in 2017.
The respondents believe that more effectively responding to known risks will allow their teams to focus more attention on unknown risks and unplanned activities. Sixty-eight percent said they plan to increase incident response capabilities in the next 12 months.
CIOs and CSOs up their investments in security
On the whole, enterprises are increasing their investment in security: 74 percent of CIOs and CSOs said security was a higher priority in 2016 than in the previous year. Additionally, 82 percent of executives said they plan to invest more in security in the coming year, with the recognition that boards are more willing to increase security investments if proposals come with solid business cases.
"The biggest fear of the CIOs and CISOs I speak to is seeing their companies on the front page of The Wall Street Journal because they've had a massive breach," Sean Pike, program vice president for Security Products at research firm IDC, said in a statement Wednesday.
BMC recommends enterprises take the following actions to close the SecOps gap:
- Create a modern cybersecurity strategy backed by a solid business model, including spending proposals that target security spending in areas of greatest impact.
- Increase efforts to secure mission-critical assets. Devote additional personnel and technology to ensure the enterprise is secure.
- Develop an enterprise-wide culture of security that includes key stakeholders such as line-of-business owners, who can help reduce "weak link" security gaps.