Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources

At stake are the most vital assets—sensitive and proprietary data at the heart of their business and brand.

Chief information security officers (CISOs) are engaged in an arms race between the capabilities of attackers and their own defense postures. Many organizations were once resolutely focused on “the perimeter defense”—keeping anything from getting into the network in the first place. However, there is a growing realization that breaches are inevitable, and that strong detection and response practices are a greater priority. This is reflected in the research conducted by Forbes Insights for this report.

Real-world cybersecurity demands that CISOs make hard choices. They must allocate limited funding to the highestreturn projects. They must direct their overburdened teams to the most serious breaches. Above all, they must rebalance their own time and resources, pivoting from dealing with tactical issues to strategic leadership.

To gain insight into the strategic decisions being made among leaders on the front lines of security, Forbes Insights surveyed more than 200 CISOs about the cyberscape before them—and how they maximize their company’s security with finite resources.

Our report is for CISOs, by CISOs—and it’s ultimately about the confidence that comes from building and executing a strategy that effectively prioritizes resources against threats. We directed the questions and interviews exclusively at C-level security leaders to get a senior perspective on the lessons learned and the practices in place to build holistic and effective cyber-defense programs. What are they doing to sleep well at night?