CYBER SECURITY TEAM'S

TO

HOW TO MEASURE RESULTS, SECURE BUDGET, AND AVOID STRESS

Global Survey Shares Cyber Security Team Insights

On How CISOs Set Key Metrics, Manage Business
Alignment And Improve Leadership Skills
Executive Summary
Cyber security is a hot topic as the world has witnessed a rapid increase
in cyber-attacks, data breaches, data leaks and espionage. Governments
are taking cyber security seriously, increasing investment in both defensive The increased stress
and offensive capabilities, and introducing regulations to support legal and pressure facing
frameworks. Organizations around the globe have also prioritized cyber
security with increased investment and placing a Chief Information Security the average CISO is
Officer (CISO) on the executive board. Despite these efforts, companies still having a significant
struggle with implementing basic security hygiene practices such as password
management, multi-factor authentication or privileged access management.
impact upon both
their professional and
Are we empowering CISOs and their teams to succeed at protecting our most
sensitive data assets from every increasing cyberthreats? Do we provide
personal lives.
them with the resources and budget they need to reduce the ever-growing Perhaps in no other
risks from cyberattacks?
executive role are the
CISOs have one of the most difficult and challenging jobs in any business challenges so
today. They typically work hidden in the background, leading a combination
difficult to articulate
of security and operation teams charged with keeping critical systems and
sensitive data protected from cyber criminals and malicious insiders. They and anticipate or the
are constantly on duty, ensuring systems are updated and patches applied,
stakes so high.
delivering cyber security awareness training, controlling and securing privileged
access---not to mention satisfying rapidly evolving compliance mandates and
regulations their businesses are required to meet.

Thus, it is not surprising that many CISOs suffer from burnout, with the
average role lasting approximately 18 months, and that mental illness and
stress is increasing issues.

Thycotic has spent the past year reaching out to the IT security leaders
around the world to find out how they feel they are perceived in their roles,
how they measure success, what motivate employees, how to be successful
at getting security budget and most importantly how to avoid stress which
can lead to burnout.

Most recently, Thycotic sponsored research conducted with more than 550
IT decisions makers across the globe in August 2019---including the US, UK,
Germany, Australia and New Zealand---to reveal an insider’s view of how cyber
security executives are managing the unique demands of their jobs. The
increased stress and pressure facing the average CISO is having a significant
impact upon both their professional and personal lives. Perhaps in no other
executive role are the challenges so difficult to articulate and anticipate or the
stakes so high.

thycotic.com | sales@thycotic.com
Key Takeaways and Findings
#1 Security leaders and their teams need to go beyond technology-centric performance measures and correlate
their metrics to business success. This will help overcome the lack of skilled resources and limited budgets
facing many CISOs.

Being valued by the company and meeting performance targets set by the board are the top definitions of success,
while lack of skilled team resources is most likely to act as a barrier to achieve such successes

50%+ 44% The top three obstacles to achieving business goals

of survey respondents aren’t clear on what the
struggle to align security
initiatives to business
business goals are.”
35% 34% 34%
lack of skilled security breaches and lack of
goals.”
resources being out of control security budget

#2 Using metrics to demonstrate the broader business value of cyber security initiatives is the surest path to
securing an appropriate budget. Satisfying compliance requirements and stopping threats is not enough;
becoming a business enabler is the secret.

89% 45% 48% 52%

agree that their department
has measurable security
performance goals/KPIs to
meet in the next 12 months
of which half (49%) measure
number of security breaches.
agree they have no way of
measuring how previous
security initiatives have made
a difference to the business
overall, and 30% agree it’s not
a priority for them to measure
success of security initiatives
once they’ve been rolled out.”
budget allocated by “Evidence
to demonstrate success of
previous initiatives.”
of respondents say not
meeting performance targets
means the reputation of the
department suffers, team
members end up working
longer hours (38%) and
security budgets likely get cut
(33%).

#3 CISOs need to cultivate leadership skills that emphasize communication and motivation. Inspiring your own
team as well as all employees can help to minimize stress and burnout in the workplace.

42%
say the most stressful
aspect of their job is meeting
the growing number of
compliance and regulatory
demands.
45%
Say the biggest challenges for Feeling important as the ‘business bodyguard’
retaining cyber security team is considered the most important motivator for
members is burnout/stress
employees, while enjoying your job and being able to
from long work hours and
pressure, followed by lack of provide for your family are also key.
support from senior leaders
(40%).

thycotic.com | sales@thycotic.com
 #1 KEY TAKEAWAY # 1

Security leaders and their teams need to go beyond

technology-centric performance measures and correlate
their metrics to business success. This will help overcome
the lack of skilled resources and limited budgets facing
many CISOs.
Security teams have in the past been too disconnected from the business while focusing most of their attention
on the immediate security threats. They have become simply reactive to all cyber threats and incidents while
simultaneously attempting to demonstrate value by measuring technology success—a metric that mostly has
no correlation to business success, and therefore fails to make a positive impression with the executive board or
employees.

However, attitudes are changing. More and more CISOs are measuring success in terms of how they are adding
value to the business and meeting performance targets set by the board. Thus, cyber security teams are striving to
become an enabler of the business rather than just a costly requirement, and therefore make it essential that cyber
security is aligned to overall business goals.

Survey Results
Being valued by the company and meeting performance targets set by the board are the top successes, while lack of a skilled
team is most likely to create a barrier to achieve success.

Here’s how IT cyber security execs around the world define success.

In the current climate which of the following best describe what ‘success’ looks like for you?

41% Being valued by the company

40% Meeting performance targets set by the board

Preventing our organization from being the next ‘cyber

37% security incident’ headline

37% Meeting compliance demands

36% Just keeping everything running smoothly

31% Achieving consistent pay increases and / or bonuses

Knowing that ‘nothing bad happens’ / that there are no major security incidents
thycotic.com | sales@thycotic.com 27% or downtime

16% Not losing my job / holding onto my job

thycotic.com | sales@thycotic.com
 Global variations among security teams in defining “success”

UK GERMANY US AUSTRALIA NEW ZEALAND

Being valued by the Just keeping Meeting compliance Meeting performance Just keeping
1 company (45%) everything running demands (44%) targets set by the everything running
smoothly (48%) Board (50%) smoothly (48%)

Meeting perfor- Being valued by the Preventing our Being valued by the Achieving
mance targets set by company (45%) organization from company (45%) consistent pay
2 the Board (42%) being the next ‘cyber increases and / or
security incident’ bonuses (42%)
headline (43%)

Just keeping ev- Preventing our Being valued by the Meeting compliance Meeting compli-
erything running organization from company (39%) demands (43%) ance demands
3 smoothly (36%) being the next ‘cyber (38%)
security incident’
headline (38%)

52% 28%
of survey respondents are struggling to align don’t have a clear vision on what the other business
security initiatives to the business goals. departments measure business success on.

In terms of aligning business goals to security strategies to what extent do you agree with the following statements?

Strongly Agree Agree Disagree Strongly Disagree

As an organization, we struggle to align

22% 30% 29% 19%
security initiatives to business goals

I don’t have a clear vision of what other

business departments are trying to 18% 26% 28% 27%
accomplish and what they’re interested in

The business goals have not been

communicated to me
19% 24% 26% 31%

I don’t have a clear understanding of the

business goals of my organization 17% 19% 28% 35%

thycotic.com | sales@thycotic.com
 Biggest barriers cyber security execs face in achieving success
CISOs say the lack of skilled resources is the main reason for not meeting targets. CISOs also highlighted that
security breaches being out of control and lack of security budget as other top challenges that limit their ability to
achieve goals.

These barriers have a significant impact on existing cyber security teams, causing them to work longer hours to
meet the performance targets, resulting in heightened levels of stress and employee burnout.

What barriers would prevent you most from achieving these success(es)?

Lack of skilled team of cyber security

35% professionals / Human Resources

34% Security breaches out of our control

Lack of budget to implement additional

34% technology / solutions

27% Lack of support from other departments

26% Change within the business out of my control (e.g M&A, liquidation etc.)

26% Poor communication within team and /or organization

26% Board not prioritizing cyber security as a strategic importance

22% Unstable economy

22% Things taking too long to get signed off/ long processes

4% Nothing would prevent success

thycotic.com | sales@thycotic.com
Recommendations ee e
Fr ourc
s
s
The CISO must invest time listening to the executive board and
Re
business peers to learn how they measure the organization’s
success. The CISO’s role must expand beyond simply putting
technology in place for the sake of security, by leveraging
technology to achieve business goals while ensuring cyber risks
are either reduced or eliminated.

How CISOs can win a seat with The

“Business first” is the key to establishing value
Board of Directors
The CISO needs to serve as the bridge between the business and https://thycotic.com/resources/gartner-market-
the IT security team, ensuring that a “business first” approach is guide-for-pam/
built into every security decision. How does implementing the
security strategy help the business, the executive team, business
peers and employees in accomplishing their tasks and goals? The CISO Challenge: Aligning
Business Enablement with
Become the “Chief Revenue Protection Officer” Enforcement
https://thycotic.com/resources/cyber-securi-
CISOs and their cyber security teams need to ask questions
ty-executives-survey-report-europe/
such as “What is driving revenue in our business?” and “What
do our customers expect from our business when it comes to
cyber security?” That means seeking out and querying those who
generate the business revenue, including the sales and marketing
staff. “Where does the sensitive data reside? What would happen NACD Director’s Handbook on
Cyber-Risk Oversight
if this data were compromised or not available? How would that
www.nacdonline.org/insights/publications.
impact our revenue?” cfm?ItemNumber=10687

By taking a revenue-centric approach, the CISO can convey the
value of cyber security in terms that nearly any executive or
employee can understand. Articulating and giving numbers to how
cyber security influences business revenue serve as powerful value
indicators.
The NACD Director’s Handbook on
Cyber-Risk Oversight is built around five
core principles that are applicable to board
members of public companies, private
companies, and nonprofit organizations of
all sizes and in every industry sector.

How would the cost of a breach affect sales as well as operations?

What kinds of fines would be levied if specific regulatory

compliance mandates were not met?

How much would a lapse in security cost our business in terms of

lost customers?

thycotic.com | sales@thycotic.com
Communication makes the difference in a successful CISO

Cyber security’s reputation problem stems largely from a lack of understanding

and communication at all levels of the company. Despite the increased
visibility in recent years, cyber security is still seen by many as a complex field
full of unfathomable technical jargon. Combined with the tendency to focus
on risks and threats, it’s easy to see why the average employee or business
manager could regard cyber security as a subject to be avoided.

The key to overcoming misperceptions due to lack of communication is to start at the top. Security teams will find it
extremely difficult to get most personnel on their side if senior management has not bought into the importance of
security. Most security professionals believe their boards listen to them and consider their input, though many still
have difficulty making a convincing business case for security investments.

CISOs are the most important individuals for establishing a productive dialogue with the board of executives. They
can act as a Rosetta Stone, translating security issues from jargon-laden technical talk into familiar and business-
centric language. By focusing on the company’s objectives and backing up their points with evidence, CISOs can
help the board to understand how cyber security impacts the company’s bottom line as well as its ability to innovate
and grow. Taking a business first approach is the best way to reposition cyber security as a positive enabler.
#2 KEY TAKEAWAY # 2

Using metrics to demonstrate the broader business

value of cyber security initiatives is the surest path to
securing an appropriate budget. Satisfying compliance
requirements and stopping threats is not enough;
becoming a business enabler is the secret.

Survey Results
How cyber security execs measure their performance
CISOs are in a difficult situation: they need to find a way to prove business value to the executive board and business
peers or fail to get the much-needed funds that will ensure the organization will survive cyber-attacks. However, most
(45%) of security budget and initiatives have no measurement on how they improve business and (30%) say it is not even
a priority to align security spend to the business success.

89% 49%
of survey respondents indicate their department has measure number of security breaches.
measurable security performance goals/KPIs to meet in
the next 12 months.

Does your department have measurable security performance goals, KPIs or milestones to meet in the next 12 months?
If Yes, do you measure any of the following?

49% Number of security breaches

46% Reported incidents

45% Downtime following an incident
45% Time to resolution of a breach
42% Prevented Security Incidents NO 11% YES 89%
41% Impact to customers

37% Cost per incident

35% Helping employees be efficient

29% Expense per employee

thycotic.com | sales@thycotic.com
 45% 30%
agree they have no way of measuring how previous agree it’s not a priority for them to measure success of
security initiatives have made a difference to the business security initiatives once they’ve been rolled out.
overall.

In terms of measuring the success of security initiatives

(e.g. deploying a new technology), to what extent do you agree with the following?

Strongly Agree Agree Disagree Strongly Disagree

We regularly review our security initiatives

46% 41% 11% 2% in terms of the impact on the business

We have no way of measuring how

21% 25% 30% 25% previous security initiatives have made a
difference to the business overall

We are not able to measure the success

19% 21% 33% 25% of security initiatives once they have been
rolled out

It’s not a priority for us to measure the

17% 21% 31% 28% success of security initiatives once they
have been rolled out

thycotic.com | sales@thycotic.com
Perhaps most important, failure to meet performance goals or establish business
value results in lower budget allocations. According to survey respondents, evidence
to demonstrate success of previous initiatives makes the biggest difference to how
budget is allocated (48%), however using metrics to demonstrate the wider business
impact is viewed as most important.

When justifying security spend which of the following make the biggest difference to how budget is
allocated? When justifying security spend which of the following is the most important?

Biggest Difference Most Important

48% Evidence to demonstrate the success of previous

security initiatives and the ROI
21%

Using metrics / data to demonstrate the wider

44%
business impact (improved productivity for staff /
23% faster roll out for new services)

40% Citing the need for regulatory ops legislative

compliance and the risk of fines
18%

Suggesting the opportunity to differentiate the

40% business by increasing user trust by showing a
5% greater duty of care to protecting customer data

Benchmarking against the level of spend that

35% other companies in your market segment invest in
16% security.

35% Talking up the ‘fear factor’ and consequences to

the organization of failing to take action to the
14% Board / other Executives

thycotic.com | sales@thycotic.com
Missing performance goals also has a major negative impact on the entire cyber security team and its leadership.

52% 38% 33%

of respondents say not meeting of respondents say team members of respondents say security budgets
targets means the reputation of the end up working longer hours. likely get cut.
department suffers.

52% Our reputation as a department will suffer

38% I will have to work longer hours

33% Security budgets are likely to be cut

32% I will get a hard time from my boss

29% There will be redundancies in our department

27% We will forfeit some or all of our bonus payments

7% There are no implications

1%
CEOs pay the price when cyber 2%

security falls short

Other I don’t
know

When cyber security teams do not meet their targets, it impacts the
CEO with longer hours, shareholder pushback, job insecurity and
bonus reductions.

Question: Are there any implications of NOT meeting these

targets for the CEO? If Yes – please specify these implications

41%
DO
N’

44% 44% No/low

tK
9

bonus
NO
%
W

YES Hard time Threat payments

50%
61% from share- to the
holders job
NO
Longer
30% hours spent
on the job

thycotic.com | sales@thycotic.com
Recommendations ee e
Fr ourc
s
s
One of the best ways to get security budget Re
is to approach cyber security projects or
initiatives in the context of revenue protection
or return on investment (ROI). Treating cyber
security simply as a cost, will almost always
guarantee a focus on budget cutting rather The 20 Worst Metrics in
Cyber security
than proper resource allocation. www.darkreading.com/edge/theedge/the-
20-worst-metrics-in-cybersecurity/b/d-
A successful CISO will present budget recommendations id/1335842
based on a ROI/revenue protection mindset using business
language that executive boards understand and can make
decisions based on tangible requests that contribute to the
business. Measuring and Managing Infor-
mation Risk: A FAIR Approach
Watch how you use metrics www.fairinstitute.org/fair-book
Focus on metrics that demonstrate the business impact such
as how much revenue is protected, how much employee time
saved, and how security initiatives improve the efficiency and
productivity when rolling out new technologies or business
CISO Quick Guide to Access
services. Control and Cyber Security
Compliance
Avoid metrics that are presented in technical jargon with https://thycotic.com/resources/global-ac-
cess-control-cyber-security-compliance/
little context or analysis, or statistics and measurements
that don’t genuinely communicate risk. Citing thousands of
vulnerabilities and matching patches, providing MTTD and
MTTR stats, or number of threats blocked will likely confuse or
even mislead your business audience. These types of “vanity
metrics” are simply not acceptable for a CISO seeking to
persuade follow executives.

thycotic.com | sales@thycotic.com
Express your team’s value in terms of quantitative risk
scenarios.
While much attention has been given to qualitative risk measures such as
heat maps, using “low, medium and high” as risk descriptors are meaningless
for most executives. The successful CISO spends the time and effort to
develop a quantitative number, usually in monetary costs, with real world
cyber security scenarios. The key is to create scenarios based on publicly
acknowledged, real world incidents that are comparable to your company’s
size and revenue, including:

Data loss scenario Privacy failure Malicious insider Ransomware attack Reputational
where customer that results in stealing and selling that shuts down damage from a
information is sold substantial fine IP finance department breach that releases
on the dark web confidential
information

Once you’ve done your scenario research, the CISO and cyber security team are in a much better position to
articulate the threats their organization faces in the next 12 months, where the gaps in security lie in these

scenarios, and what it will cost in money and effort
to close those gaps.

The compliance checklist is not security

Since businesses must typically satisfy the security requirements and
controls mandated by legal regulations, meeting compliance goals can
certainly help with getting budget approved. The risk of fines for regulation
violations provides a tangible cost that executives understand.

But it’s important to describe compliance with a focus on security and business value rather than the traditional
checkbox approach. Meeting audit requirements may get you certified or complaint but that does not mean
you are 100 percent secure. Compliance is usually defined as a snapshot in time, but cyber security requires a
continuous process of reducing business risks.

thycotic.com | sales@thycotic.com
#3 KEY TAKEAWAY # 3

CISOs need to cultivate leadership skills that emphasize

communication and motivation. Inspiring your own team
as well as all employees can help to minimize stress and
burnout in the workplace.
One major challenge for CISOs and Security professionals stems from the ever-growing stress, visibility and impact
that work has on the motivation and health of employees. Operating in high pressure environments, IT security
teams must deal with constantly evolving threats need encouragement and support.

This is a major factor in why the industry is experiencing a shortage of skilled employees as the new talent starting
their careers often view cyber security as too high pressure and look for other exciting but less stressful work
environments. CISO’s must make cyber security an attractive place for new energetic and diverse talent to bring new
ideas and help relieve the pressure on existing professionals.

Survey Results
Here’s what stresses cyber security teams the most
Over 42% say the most stressful aspect of their job is meeting the growing number of compliance and regulatory demands.

What is the most stressful aspect of your job?

42% Meeting the growing number of compliance and regulatory

demands

33% Long hours and the need for out of hours availability

31% Firefighting a growing number of security incidents

31% Not having the budget I need to do my job effectively

29% Lack of understanding from the board about what’s needed to do my

job effectively

28% Not able to attract and retain the right staff needed for security roles

23% Job uncertainty / insecurity

1% Other

thycotic.com | sales@thycotic.com
It is therefore not surprising that one of the biggest challenges for retaining
cyber security team members is burnout / stress from long work hours /
pressure (45%), followed by lack of support from senior leaders (40%).

What are the biggest issues when it comes to retaining team members?

45% Burnout / stress from long working hours / pressures at work

40% Lack of support from senior leaders in how to train, appraise and
develop staff

Lack of opportunity to express themselves in challenging/interesting

38% projects

37% Lack of clear career goals / internal progression

36% Remuneration / packages are not competitive

2% Other

Here are the key motivators for cyber security teams

Feeling important as the ‘business bodyguard’ is considered the most important motivator for employees, while
enjoying your job and being able to provide for your family are also seen as key motivators.

29% 25%
say that acting as the ‘business bodyguard’ is the biggest say that being the ‘upholder of ethics’ is the biggest
motivator to “get out of bed in the morning. motivator.

thycotic.com | sales@thycotic.com
What gets you out of bed in the morning?

29% Being the ‘business bodyguard’ - I like to know “I’m keeping

the business safe”

25% Being the ‘upholder of ethics’ - making a difference in protecting the

integrity of data and privacy of our customers and employees

23% Being the ‘puzzle master’ - the intellectual challenge and pitting my wits
against would be attackers

20% Being an ‘instrument of change’ - I get bored easily and thrive on driving change

3% I usually struggle to motivate myself to go to work in the morning

24% I enjoy my job Which of the

following
21% To provide for my family
motivates you to
18% To give my life purpose work most?

14% To learn new things

13% So I can afford to spend money on things I enjoy

10% I am a gadget nerd, my job gets me to play with new toys

thycotic.com | sales@thycotic.com
Recommendations
It is critical that the CISO and Security team find a balance between work and
personal life. The urgent need for business leaders to ensure the teams have what
they need to be successful as sometimes this means more skilled resources, more
security budget and not having to work longer hours to be successful. Cyber-
attacks never sleep but your CISO and security surely need to.
The CISO should be the driver for a positive
experience
Historically, security has been a negative experience for
most employees. When was the last time you heard an
employee say how much they loved their Antivirus software
and how it helps them perform their job? Most employees
probably view cyber security as a hindrance rather than help
in accomplishing daily tasks---more likely to slow down their
laptop performance or prevent them from doing their job.
It’s the CISO job to lead in making cyber security as positive
experience as possible, especially when it comes to making
technology invisible and frictionless in the workplace.
For cyber security teams, make sure that channels of
communication are always open, and that workplace flexibility
and redundancy are built into work schedules to help avoid
burnout. Taking time away from the workplace periodically
with staff such as a monthly luncheon off site can also help
to boost team morale. In all cases, give team members the
freedom and respect they deserve to use their skills and
judgement in setting priorities and making decisions.
The CISO must integrate security into the
corporate culture
The successful CISO needs to make security a fundamental
core to the business and employees must never be afraid to
speak out when they see something suspicious. That means
promoting a culture that employees are never afraid to ask for
advice or report suspicious activity even if it was a result of
something they clicked on. The earlier an employee reports
something the lower the potential impact and cost to the
business.
thycotic.com | sales@thycotic.com
One way to get broader support from peers and other
business managers is to have a companywide cyber
security program and culture. Many organizations
have created “Cyber Ambassadors” or “Cyber
Representatives” to act as cross-departmental advisors
to help manage cybersecurity. Their goal is to establish
a “four eyes approach” that ensures someone takes
responsibility for identifying suspicious activity
and managing security incidents. Ad hoc steering
committees led by cyber representatives have also been
formed to help determine the risks of implementing new
technology solutions.
Know when not to talk about cyber security and
be a strong listener
While CISOs must display sufficient technical knowledge,
they must also be strong communicators. When they
speak with the IT Security Manager and then translate the
security needs to the business manager, they need to focus
on business risks and how to reduce those risks with a
measurable return on investment (ROI). The CISO has to
have a clear understanding of the business goals of peers
and align to their needs. Security should be viewed as a
service to the business, the executives, business and peers,
and employees regarded as the customers.
Ethics is also a major motivator especially for CISOs and
security team members. The team with access to critical
systems and sensitive data that recognizes and highlights
ethical and honest behavior will do what is right to protect
the integrity of data and privacy.
 s
ee e
Conclusion Fr ourc
s
Re

Thycotic, a leader in providing cloud-

ready privilege management solutions, is
committed to sponsoring and conducting
research among CISOs and cyber security
Life Inside the Perimeter:
teams to help define and articulate the Understanding the Modern CISO
challenges they face in a rapidly evolving https://media.nominet.uk/wp-content/up-
loads/2019/02/12130924/Nominet-Cyber_
threat environment. CISO-report_FINAL-130219.pdf

The results of this survey as well as those from a report earlier in

2019 (The CISO Challenge: Aligning Business Enablement with
Enforcement) confirms that CISOs have a much more visible role
at the executive level which must be matched with a “business
Expert’s Guide to Privileged
Access Management (PAM)
first” approach. CISOs and their cyber security teams must strike Success
a balance between keeping the organization protected and at the https://thycotic.com/resources/experts-
same time enabling their businesses to grow. guide-to-advanced-pam-success/

The challenges facing CISOs will likely only escalate in the

future, while the resources available to them in fighting threats
will inevitably be limited. It is up to us, as individuals and as an
industry, to pool our knowledge and share insights to improve our Cybersecurity for Dummies
use of technology while reducing the stresses and strains on the
https://thycotic.com/resources/wileys-
people who strive to protect us every hour of every day. dummies-cybersecurity/

To learn more visit thycotic.com.

thycotic.com | sales@thycotic.com
About the Survey
Research was conducted by Sapio Research
in August 2019 among IT decision makers 37%
employing 500+ employees in the following
countries: UK (102) Germany (100) US (203)
Australia (100) New Zealand (50). At an overall
level results are accurate to ± 4.2% at 95%
18%
confidence limits assuming a result of 50%.

Sapio Research is a London based B2B and

18%
consumer market research agency with an
experienced team of researchers offering both
18%
qualitative and quantitative research services and
9%
tools to help clients gain deeper insights. https://
sapioresearch.com/

US New Zealand Germany

Australia UK

About Thycotic
Thycotic is the leading provider of cloud-ready privilege management solutions. Thycotic’s security tools empower over
10,000 organizations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege
policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible
for everyone by eliminating dependency on overly complex security tools and prioritizing productivity, flexibility and control.
Headquartered in Washington, DC, Thycotic operates worldwide with offices in the UK and Australia.

thycotic.com | sales@thycotic.com