Most CISOs Believe Companies Stake Their Reputations on Cybersecurity Budgets, Survey Shows

Nine in 10 IT security professionals say their companies can improve their reputations by better protecting data, according to a Bitdefender survey. CISOs and their teams also admit a weak posture could have the opposite effect, as seen in countless headlines in recent years that have sullied corporate images following security breaches.

Some 45% of CISOs place reputational cost as the second-biggest risk of remaining unaware of an ongoing breach, right after business interruption (55%).

Until recently, customers judged companies’ by the quality of their products or services, their mission and vision, or their contribution to community and other corporate social responsibility initiatives. However, in an era where the digital and physical aspects seem to merge, major security breaches exposing personal data of hundreds of millions users – from healthcare records to confidential love affairs, private emails, and sensitive financial information – have been a game changer. By invading privacy and exposing publicly users’ records, companies could lose customers’ trust, which translates into declining revenues, or even bankruptcy.

“CISOs leverage their own or, if lucky, other companies’ breaches to raise security topics at board meetings, and even to justify higher security spending,” says Bogdan Botezatu, Bitdefender’s Director of Threat Intelligence. “They can now offer solid proof to board members that, without bigger budgets, it’s only a matter of time until their organization is breached. And breaches shake customers’ confidence in the brands collecting their information and in the people appointed to protect them. By presenting actionable intelligence reports to board members, CISOs can argue for new technologies and more staff by showing relevant stats, figures, the effectiveness of the current security stack, and how larger budgets would help drive business and value.”

As board members often base strategic decisions on a company’s bottom line, CISOs face the burden of balancing infrastructure and security needs with financially-savvy proposals that help board members understand the threat landscape and security risks, and their potential impact on the company’s growth.

Fighting increasingly complex attacks demands larger budgets, CISOs say. And only four in 10 IT security professionals say they have a big enough budget to efficiently secure infrastructures. Most feel understaffed or unable to support infrastructure expansion.

The survey, conducted in March 2019 by Bitdefender, included IT security purchase professionals from managed service providers and large enterprises based in the US and Europe that use Bitdefender Cloud Security products.