Businesses Lack Coordinated Efforts to Prevent Security Risks

A third of executives said it was challenging to prioritize which systems to fix first, as security and operations teams have different priorities.

bmc and security

Known vulnerabilities appear to be the leading cause of exposure to data breaches and cyber threats, according to a survey of 300 C-level executives, conducted by BMC and Forbes Insights.

The report also confirms a significant gap between security and IT operations (SecOps) teams, which is contributing to unnecessary data loss, production downtime, and potential reputation damage.

The survey revealed that 44 percent of security breaches occur even when vulnerabilities and how to remedy them have previously been identified, indicating it takes far too long to fix a vulnerability once a patch becomes available.

The problem is partially explained by the fact that 34 percent of North American and 54 percent of European respondents say it takes weeks to fix a high-impact vulnerability in applications or operating systems.

When asked why, a third of executives surveyed stated it was challenging to prioritize which systems to fix first, since the security and operations teams may have different priorities.

In addition, outages and poor performance in IT systems can be traced to poorly applied patches, half of the executives on both sides of the Atlantic said.

When asked about the challenges faced by IT and security, 60 percent of executives surveyed said the IT operations and security teams have only a general or a little understanding of each others' requirements.

However, half of survey respondents said they don’t have a plan in place for improving the coordination between these two groups.

In addition, 52 percent of enterprise leaders in North America and Europe equate regulatory compliance with tighter security, and 60 percent of North American firms expect to purchase or implement a security operations management (SecOps) solution in the next 12 months.

All survey respondents were from companies with at least $100 million in annual revenue-- 27 percent were from companies with revenue between $1 billion and $5 billion and 23 percent had revenue of $5 billion or more.

Addressing increases in the volume and complexity of regulatory requirements is seen as a growing problem in the months ahead, especially for European enterprises--57 percent of European executives identified this growing challenge, as did 49 percent of North American respondents.

Furthermore, despite the close connection between security and compliance, 44 percent of North American and 35 percent of European enterprises manage these areas separately.

However, survey results indicated companies that develop close partnerships between security architecture and compliance reap rewards that go beyond simply passing audits.

"Whether viewed from a security, operational or compliance perspective, SecOps alignment is essential for keeping modern enterprises performing at levels required in today’s highly competitive global marketplace," the report noted. "But along with the challenges that SecOps represents, it also presents an important opportunity—by working closely to close the SecOps gap, the two teams can more successfully meet their individual goals and improve the overall success of their enterprises."