Salt Security has released key findings from its ‘State of the CISO’ report. Conducted by Global Surveyz for Salt, the global CISO survey gathered feedback from 300 CISOs/CSOs around the world on issues resulting from digital transformation and enterprise digitalization.
The results highlight significant CISO challenges including the biggest security control gaps they must manage, the most significant personal struggles they face, and the impact that broader global issues are having on their ability to deliver effective cyber security strategies.
Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities.
Key findings include:
- 89 percent of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data.
- Digital initiatives have produced new individual concerns, the top being the risk of personal liability and litigation resulting from security breaches, with 48 percent of CISOs citing that challenge.
- 94 percent of CISOs worldwide say the speed of AI adoption is the macro dynamic having the greatest impact on their role.
- 95 percent of CISOs plan to prioritize API security over the next two years, a 12 percent increase compared with that priority two years ago.
Biggest CISO challenges in a digital-first economy
The 2023 report shows that the digital-first economy has brought new security challenges for CISOs. Interestingly, most of the challenges cited by CISOs represent nearly equal levels of concern, forcing CISOs to address multiple challenges at the same time.
CISOs cite the following top security challenges:
- Lack of qualified cyber security talent to address new needs (40 percent)
- Inadequate adoption of software (36 percent)
- Complexity of distributed technology environments (35 percent)
- Increased compliance and regulatory requirements (35 percent)
- Difficulties justifying the cost of security investments (34 percent)
- Getting stakeholder support for security initiatives (31 percent)
Also notable, while most CISOs (44 percent) report security budgets are about 25 percent higher than two years ago, nearly 30 percent identify lack of budget to address new security challenges from digital transformation as a key challenge, and 34 percent of CISOs cite difficulty justifying the cost of security investments as a challenge.
Supply chain and APIs top security control gaps
Two thirds of CISOs state that they have more new digital services to secure compared to 2021. In addition, 89 percent of CISOs state that the rapid introduction of digital services creates unforeseen security risks in protecting their companies’ vital data. API adoption and supply chain/third party vendors presented the two highest security control gaps in organizations’ digital initiatives.
CISOs rank security control gaps resulting from digital initiatives as follows:
- Supply chain/third party vendors (38 percent)
- API adoption (37 percent)
- Cloud adoption (35 percent)
- Incomplete vulnerability management (34 percent)
- Outdated software and hardware (33 percent)
- Shadow IT (32 percent)
Global trends impacting the CISO role
The vast majority of CISOs admit to feeling the impact of a number of global trends. The speed of AI adoption was cited by the most CISOs as having significant impact, followed by macro-economic uncertainty, the geo/political climate, and layoffs. Specific CISO responses regarding the impact of global trends were:
- Speed of AI adoption (94 percent)
- Macro-economic uncertainty (92 percent)
- Geo/political climate (91 percent)
- Layoffs (89 percent)
Threat of litigation and increased liability top CISOs’ personal concerns
The digital-first economy has also impacted CISOs on a personal level. Among the personal challenges reported were:
- Concerns over personal litigation stemming from breaches (48 percent)
- Increased personal risk/liability (45 percent)
- Expanded responsibilities and not enough time to fulfill them (43 percent)
- Increased job-related stress (38 percent)
- Bigger teams to manage (37 percent)
Nearly 50 percent of CISOs cite litigation concerns. With several high-profile CISO lawsuits making waves recently, CISOs are fearful of being found personally liable in the event of a breach, putting their livelihood at risk.
CISOs say their boards of directors are knowledgeable about cyber risks and mitigation
On a positive note, 96 percent of CISOs worldwide report that their boards of directors are knowledgeable or very knowledgeable about cyber security issues. In addition, the survey showed that 26 percent of CISOs present to the board on cyber risk mitigation and business exposure once a quarter or more, and 57 percent present to the board at least once every six months.