Chief Information Security Officers (CISOs) were surveyed on their security programs and risk management strategies. According to the survey, 89% of CISOs measure the maturity and performance of their full security program at least once each quarter, and more than half of CISOs measure monthly.

Thirty-three percent of CISOs are not working towards a same-day mean time to detect (MTTD), and do not have a service level agreement (SLA) to start working on mitigating risk within 8 hours of a breach.

With the average SLA for patching and resolving critical vulnerabilities remaining at 16.3 days, attackers have a favorable landscape to launch attacks and deepen their foothold.

The average mean time to respond (MTTR) CISOs report is 9 hours, with the IT industry being the fastest to respond to threats, in under 7.4 hours.

Read the full report here.