Intelligent CIO Europe Issue 82 | Page 76

FINAL WORD

How CIOs can navigate the complex landscape of cybersecurity investments

Patrick Spencer, VP, Kiteworks, tells us how CIOs can navigate the complex landscape of cybersecurity investments and outlines the most common pitfalls or misconceptions that CIOs encounter when making cybersecurity investment decisions.

As CIOs navigate the complex landscape of cybersecurity investments, what are the fundamental factors they should consider when prioritising where to allocate resources?

When prioritising cybersecurity investments, CIOs should focus on several key factors to ensure effective resource allocation. One critical area is vulnerability management. Organisations must prioritise robust vulnerability and patch management due to the increasing exploitation of vulnerabilities as an initial path to data breaches. The 2024 Verizon Data Breach Investigations Report (DBIR) highlights a 180% increase in such exploitations, underscoring the urgency of this issue.

Supply chain security is another important consideration. As organisations increasingly share sensitive content with numerous third parties, robust vendor risk management and security controls throughout the supply chain become paramount. The DBIR reports that 15% of data breaches are now connected to the supply chain, reflecting a 68% increase from the previous year. Ensuring that third-party partners adhere to strong security practices can help mitigate these risks.

Protecting personal data is also crucial. Given the financial, legal and reputational risks of personal data exposure, investments in technologies and practices that safeguard personally identifiable information (PII) and protected health information (PHI) are essential. The DBIR reveals that personal data was the top target in breaches, figuring in over 50% of incidents. Effective data classification, encryption, and access controls can help protect sensitive information and ensure compliance with expanding privacy regulations.

Finally, addressing the human element is essential. Human error continues to be a major factor in security breaches, with the DBIR finding end-users are responsible for 87% of errors leading to breaches. Comprehensive user training programmes and next-gen digital rights management capabilities for tracking and controlling sensitive content can mitigate these risks and foster a security-aware culture within the organisation.

In your view, what are the most common pitfalls or misconceptions that CIOs encounter when making cybersecurity investment decisions?

Too often, CIOs can overemphasise their focus on network security while neglecting the primary target: data. This focus can lead to inadequate protection for sensitive content, which remains a prime target for cybercriminals.

Verizon's DBIR notes that personal data, including personally identifiable information (PII) and protected health information (PHI), was involved in over 50% of breaches this past year. Other studies cite data security, privacy and governance as top concerns.