For many years, Chief Information Security Officers (CISOs) were measured against an impossible objective: 100% breach prevention. Thankfully, many today understand there is no such thing as 100% protection against breaches. This has changed how CISO effectiveness is gauged: from breach prevention to incident response and resilience.