ESG asked 315 security professionals working at enterprise organizations to identify incident detection/response areas where their organizations are particularly weak. Many large organizations spent about 70% of their security budgets on prevention and the remaining 30% on incident detection and response. CISOs have a lot of real work to do. CISOs should assess their skills, processes, and tools, and then build a detailed plan to address these weaknesses, says Peter Bergen. Bergen: We have a profound security skills shortage that limits what we can do.

