Intelligent CISO Issue 83 | Page 63

BUSINESS SURVEILLANCE

THE FIVE LEVELS OF CYBERSECURITY MATURITY:

WHERE DO YOU FIT?

Javier Dominguez, CISO at Commvault, discusses the five different levels of cybersecurity maturity. "At the earliest stage, security may be in the hands of individuals who are simply order takers," he says, "whereas at the most advanced level, CISOs are liaising with the board to ensure cybersecurity is built into every aspect of the business."
CISOs are shouldering an ever-growing burden of responsibility as cyberattacks reach record numbers, according to Check Point Research. It revealed that the number of global cyberattacks in the third quarter of 2024 had risen by a staggering 75% compared to last year.

Despite this massive hike in threats, a recent Commvault survey found only 13% of global organisations were 'cybermature' enough to effectively mitigate and rebound from an attack. These few were able to recover 41% faster from an incident than respondents at the lowest end of the scale.

Making this significant difference in speed of recovery were a number of key resiliency markers. They determined why some businesses were able to restore data quickly and resume normal operations while others could not. Notably, there was emphasis on having security tools that could provide early warning about risk, including insider risk, together with defined runbooks, roles and processes for incident response.

Vital too was having a reliable clean dark site or secondary backup system with an isolated environment in which to store an immutable copy of critical data. Equally important was frequent testing of cyber-recovery practices so that processes remained fit for purpose and up to date.

Determining CISO maturity levels

With the onus on CISOs to make sure these critical measures are in place and regularly tested, the question arises whether business leaders know if they have the right individual, supported with the right resources, running their security operations.

Organisations rely heavily on their CISOs to protect operations from cyberattacks, yet their level of authority varies considerably, which affects the overall cybermaturity of an organisation. At the earliest stage, security may be in the hands of individuals who are simply order takers, whereas at the most advanced level, CISOs are liaising with the board to ensure cybersecurity is built into every aspect of the business.

To understand where an organisation fits in this maturity cycle and how it affects cybersecurity risk and resilience, the stages can typically be broken down into five phases.

1. Check box security

In the least mature organisations, those tasked with security are seldom policy makers, and most do not have a dedicated CISO role. Instead, cybersecurity is often handled by part of the IT team, reporting into a mid-level IT manager or possibly the CIO. The responsibilities are often combined with the daily routines required to keep the technical