While 45% of PwC's survey respondents feel that their companies exhibit the attributes of infosec leaders, the data suggests that this is true of only about 15% of the sample. Respondents are categorized by their approach to security: front-runners (45%), who say their organization has an effective strategy and execution in place; strategists (28%), who feel they are better at getting the strategy right; tacticians (16%), who focus more on execution than planning; and firefighters (11%), who typically lack an effective plan and usually operate in a reactive mode.
The top 15% who exhibit these attributes are benchmarked on the following criteria:
- Have an information security strategy
- Employ a chief information security officer (CISO) or equivalent, who reports to top management
- Review the effectiveness of existing measures over the past year
- Understand the exact nature of security events that occurred in the past year