For many years, Chief Information Security Officers (CISOs) were measured against an impossible objective: 100% breach prevention. Thankfully, many today understand there is no such thing as 100% protection against breaches. This has changed how CISO effectiveness is gauged: from breach prevention to incident response and resilience.

The number of worldwide cyberattacks is on the rise, and organizations with a global footprint face a relentless wave of attacks by motivated “threat actors.” These actors can be organized multinational criminals, nation states, cyber-activists (known as “hacktivists”) or company insiders. And, their activities can damage a company’s reputation, disrupt its business, and impose financial penalties through regulatory violations and remediation costs.