Time to Reimagine Security Response

Data breaches are inevitable, and yet the fallout from an event can undermine a brand’s reputation and financial standing.

The average cost for a serious breach has climbed to $4 million, and the risks are only growing.[1] Ransomware attacks on companies increased by 35% last year and spear phishing increased by 55%.[2]

In this environment, the work of Chief Information Security Officers (CISOs) is ever more important and complicated. They must protect their organizations from an evolving variety of threats, while under scrutiny from across the C-suite and their boards to better mitigate risk.

Under pressure, it’s time to rethink strategy.

Since CISOs can’t completely prevent the threats, they need to refocus their teams and peers on strengthening their response to security risks.

This strategy requires a three-pronged approach: increase investment in automation; focus on prioritizing threats based on business criticality; and make better use of talent.

Nearly 300 CISOs agree, according to a study recently published by ServiceNow.

Step 1: Automate More

Many organizations rely on manual, decentralized systems for tracking security incidents. In fact, 28% of CISOs in our survey say manual processes are a barrier to effective security. But processes could look different in the near future: While just one-third of our respondents automate more than 40% of their security processes today, two-thirds plan to automate that amount in three years. And the tasks being automated are increasingly sophisticated as well. To improve their ability to respond to threats in a timely manner, CISOs should work to orchestrate processes and automate response and remediation tasks. And by working off a common platform with IT and other functions, security operations could automate faster and smarter, enabling for a smooth prioritization process.

Step 2: Leverage Automation to Prioritize

Automation helps organizations prioritize and respond to threats in real time, yet 70% of organizations surveyed say it is difficult to prioritize security alerts based on the importance of the data under attack. This failure to prioritize can paralyze organizations that try to address all threats equally, given that they can be hit by thousands of cyberattacks daily. CISOs recognize the problem: a large majority of CISOs (84%) say that prioritizing security alerts in the context of the larger business is critical to the success of their security function. These results echo Enterprise Strategy Group (ESG), which reported that nearly 75% of executives surveyed said that incident response tends to be based upon informal processes.

Step 3: Allow Humans to Focus on Complex Tasks

By prioritizing threats through automation, CISOs can deploy their limited human resources to make better decisions, respond more quickly to threats and breaches, and anticipate future dangers. This is the job these professionals were hired to do rather than cataloging hundreds of suspicious emails. Optimizing the talent at hand critical since there is a shortage of skilled security workers. Currently, though, few companies have enough skilled security professionals who understand their company’s strategic operations and the broader threat environment in a way that allows them to prioritize security threats—just 7% of CISOs say this skill is highly developed.

By refocusing on how to best respond to security threats, CISOs can bolster the success of their companies, increase employee satisfaction by automating menial tasks, and help protect business-critical functions first.  Designed with these outcomes in mind, ServiceNow’s security offering helps CISOs and their teams streamline their security response and act on threats faster and more effectively than ever before.


[1] Ponemon Cost of Data Breach Study, Ponemon Institute, June 2016.

[2] Internet Security Threat Report, Symantec, 2016.

Michael Jones
Michael Jones is a Principal Executive Architect with ServiceNow’s Inspire Program. In this role, Michael provides executive level consulting to extend the value of service management across the corporate enterprise and support organizations in their efforts to transform and modernize. This includes all aspects of Service Management, from Business Management to IT Operational Management domains. Michael is a contributing member to a number of open source and standards bodies. Michael contributed and helped drive the Cloud Computing Reference Architecture currently in use at IBM. He is ITIL v3 certified, and has been a member of ITSMf and DMTF for the past 15 years. Before joining ServiceNow in 2015, Michael worked for IBM for 15 years. He led the World Wide Technical organization as an Executive Architect. This role allowed him to work with 100’s of clients world wide, and to provide direct feedback to development executives on the path technology should take in improving organizational effectiveness. His customer interaction spanned across strategy alignment, architectural decision-making, and technical implementations. Michael was a contributing member to a large Telecommunications company’s Cloud Architecture Committee where he provided input on strategy and technical decisions to drive actualization of cloud related capabilities. Michael’s passion is to help organizations optimize performance, incorporate best practices and execute successfully on their strategic roadmaps. He is excited to bring his varied background in IT, Service Management, Cloud, and Architecture design to help organizations of all sizes and industries find success in extending ServiceNow across the enterprise.

Leave a Reply Text

Your email address will not be published.