ESG conducts a research project with the Information Systems Security Association (ISSA) on the mindset of cybersecurity professionals. As part of last years research, we asked respondents to identify the top actions their organizations should take in the future to improve cybersecurity. We then looked at this data based upon respondents roles, so we could look at the specific recommendations from CISOs (or other titles with equivalent job descriptions). The take-away here is that too many organizations have inefficient, undocumented, and informal cybersecurity processes.”]