Everyone interviewed encourages CIOs to focus on building out security programs based on measurable risks and outcomes. Too many organizations today are operating on gut instinct, our survey revealed.
The largest percentage of respondents (35%) measure the effectiveness of security spending by professional judgment, followed by reduced security incidents and breaches (29%), and total cost of ownership (24%). Less than a quarter of firms (24%) measure improvement against security metrics. One in five respondents do not know how the effectiveness of their IT security program is measured.
Those results are surprising, considering the substantial costs of security events when do they happen. Financial losses, according to our survey, average more than $1.6 million per incident.
Read more about security in CIO's Security Drilldown.