Cybersecurity

New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset

Brian Thomas | October 18, 2019

No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organization against future threats.

The report reveals that just over half of the 3,000 CISOs surveyed believe that learning from failure is incredibly valuable and a vital part of improving corporate cybersecurity postures. Indeed, these professionals may very well be your company’s best line of defense in the face of a potential cyberattack.

The Value of “Cybersecurity Breach Survivors”

Security professionals who have lived through an avoidable breach possess a unique mindset. They are less likely to experience burnout, are less indifferent to their work, less likely to think about quitting their job, feel less personally responsible for an incident, and are more likely to share their learning experiences. Cybersecurity breach survivors also have first-hand experience of what works on the frontlines of security performance management and what doesn’t, and are well versed in crisis management, recovery procedures, and team focus.

Furthermore, cyberattack veterans have unique perspectives on cybersecurity risk management. They understand that risk mitigation requires more than the right tools and technology. Unless an organization takes a risk-based view of security, where all stakeholders (not just IT) understand the inherent threat of doing business in a digital world, then all the firewalls, endpoint protection, and other security measures won’t help.

Sharing Insights About Cybersecurity Breaches: The Best Defense  

Unfortunately, while many businesses tend to extol the virtues of openness and information-sharing, cybersecurity remains a taboo subject for many. Cyber breaches are treated like a scarlet letter, and security teams are often hesitant to share information or discuss vulnerabilities that led to breaches and lessons learned from those incidents.

That might be why security professionals who’ve “been there and done it” remain unfortunately tight-lipped about their experiences. The Symantec/Goldsmiths study shows that 54% of respondents don’t discuss breaches or attacks with their industry peers, with 36% fearing that sharing this information could impact their professional reputation and career prospects.

This new report flips that thinking on its head, and boldly asserts several best practices: that these learnings should be shared, that company boards should foster a more open learning culture for security teams, and that data breach survivors should be at the top of your company's list of hiring priorities.  

Indeed, sharing experiences is critically important, especially since everyone in the company must be involved in protecting the organization. The cybersecurity skills shortage mandates that everyone, from the CEO on down, needs to take responsibility. 

Not adhering to this policy can yield some sobering results. The average cost of a cyber breach has now reached $4.6 million per incident. But the impact extends beyond potential financial and reputational ruin. Security teams are also feeling the burn with 51% of tech executives experiencing cybersecurity burnout and stress-related illnesses as a result of cyberattacks, breaches, and outages. 

Experience with Vulnerabilities Can Strengthen Security Performance Management

We’re all vulnerable about our vulnerabilities. But cybersecurity professionals who have witnessed an attack first-hand should be applauded, not vilified. And they should feel confident that their experience can help their organizations be better prepared for the future. Their experiences--and the knowledge they’ve gained from those experiences--can be used to bolster security performance management and create a formidable front against potential threats.

Suggested Posts

Zerologon: BitSight Observations on a Dangerous Vulnerability

New vulnerabilities emerge daily... but not every vulnerability is being actively exploited by nation state actors. Zerologon (CVE-2020-1472) is one such vulnerability.  Zerologon was recently identified by the National Security Agency...

READ MORE »

BitSight’s View into the NSA’s Top Vulnerabilities

In a highly unusual move, the National Security Agency released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors.  The NSA issued the alert in order to...

READ MORE »

Market-Changing Research Reveals Link Between Strong Cybersecurity and Stock Price

One of the biggest questions in cybersecurity now has an answer… and the implications are significant for investors, policymakers, corporate executives, and cybersecurity professionals alike. 

READ MORE »

Subscribe to get security news and updates in your inbox.