Overcoming cybersecurity challenges

How security leaders are building risk-based cybersecurity programs

From checkboxes to frameworks: CISO insights on moving from compliance to risk-based cybersecurity programs.

Security is an ever-evolving landscape. Chief information security officers and leaders need a solid strategy and method for prioritizing security investments. In this year’s assessment, we found:

Good compliance does not equal good security.

CISO, government

Read the executive summary based on in-depth interviews by Southern Methodist University. We identify the top three challenges and three ways to develop better risk-based cybersecurity programs.

IBM and SMU researchers discuss key takeaways from their interviews with security leaders.

Learn more from the CISO assessments

Already tasked with protecting companies from a vast domain of ever-changing threats, Chief Information Security Officers (CISOs) and other security leaders must now prepare for more avenues of attack as well as more sophisticated attackers.

Research from the IBM Center for Applied Insights (PDF, 639 KB) pinpoints what worries today’s security leaders and what they’re doing to address those concerns. We also identify several actions that security leaders can take to help their companies manage the approaching uncertainties in information security.

In a follow-up to the 2014 CISO assessment, we interviewed cybersecurity academics who held a range of responsibilities within their universities. First and foremost, the interviewees did what many of our CISO Assessment respondents have over the years: point out the various imperfections, concerns and issues afflicting today's information security practices. But the interviewees didn't stop at identifying problems—they also offered ways in which these challenges could be addressed through actions within academia.


The path of security leadership
