According to a recent report from security company Trellix, companies are beginning to learn that staff reductions are not always the best first response to a major cybersecurity incident, with layoffs or firings dropping from a reported 31% three years ago to only 22% in the last year. Rather, companies are leaning toward the option of increasing support, with 38% reporting creating new jobs and roles after a breach, and 95% of CISOs reporting their teams received greater organizational support.
Said Trellix CISO Harold Rivas to SC Media, “As breaches not only continue but many organizations find themselves experiencing repeat attacks, there is an evolving realization that any one person or team cannot be ‘blamed. Ridding the company of individuals will not help the business recover from an attack or better prepare them for a potential next attack.”
A CISO interviewed as part of the report was quoted as saying, “The most important asset or factor in IT or security is not the technology, not the policy or process, not the tools, it’s the people. Get the people on board, get the people adopted, get the people understanding and contributing, the other stuff falls into place.”
Source:
