Global CISO Survey Finds Digital-First Economy Introduces Unforeseen Risks CISOs
CISOs struggle to cost-justify security investments despite known security gaps, face increasing personal risks, and worry about the rapid adoption of AI
Photo credit: MAGO/Blue Jean Images via Reuters Connect
Israeli API security company Salt Security released key findings of its new “State of the CISO” report. Conducted by Global Surveyz for Salt, the global CISO survey gathered feedback from 300 CISOs/CSOs around the world on issues resulting from digital transformation and enterprise digitalization.
The results highlight significant CISO challenges including the biggest security control gaps they must manage, the most significant personal struggles they face, and the impact that broader global issues are having on their ability to deliver effective cybersecurity strategies.
Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities. Key findings include:
- 89% of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data
- Digital initiatives have produced new individual concerns, the top being the risk of personal liability and litigation resulting from security breaches, with 48% of CISOs citing that challenge
- 94% of CISOs worldwide say the speed of AI adoption is the macro dynamic having the greatest impact on their role
- 95% of CISOs plan to prioritize API security over the next two years, a 12% increase compared with that priority two years ago
As the glue connecting all of today’s digital transformation initiatives, APIs stood out as a key focus area for CISOs. 77% of CISOs acknowledge APIs are already a higher priority today vs. two years ago. In addition, API adoption presented the second highest security control gap, after supply chain/third-party vendors, resulting from organizations’ digital initiatives.
Biggest CISO challenges in a digital-first economy
The 2023 report shows that the digital-first economy has brought new security challenges for CISOs. Interestingly, most of the challenges cited by CISOs represent nearly equal levels of concern, forcing CISOs to address multiple challenges at the same time.
CISOs cite the following top security challenges:
- Lack of qualified cybersecurity talent to address new needs (40%)
- Inadequate adoption of software (36%)
- Complexity of distributed technology environments (35%)
- Increased compliance and regulatory requirements (35%)
- Difficulties justifying the cost of security investments (34%)
- Getting stakeholder support for security initiatives (31%)
Also notable, while most CISOs (44%) report security budgets are about 25% higher than two years ago, nearly 30% identify “lack of budget to address new security challenges” from digital transformation as a key challenge, and 34% of CISOs cite difficulty justifying the cost of security investments as a challenge.
Examining the responses more closely, 82% of CISOs say the security budget is higher than two years ago, while 87% say company revenue is higher. This disparity indicates that CISO spending power, as a percentage of revenue, has decreased in the last two years.
Supply chain and APIs top security control gaps
Two-thirds of CISOs state that they have more new digital services to secure compared to 2021. In addition, 89% of CISOs state that the rapid introduction of digital services creates unforeseen security risks in protecting their companies’ vital data. API adoption and supply chain/third-party vendors presented the two highest security control gaps in organizations’ digital initiatives.
CISOs rank security control gaps resulting from digital initiatives as follows:
- Supply chain/third-party vendors (38%)
- API adoption (37%)
- cloud adoption (35%)
- Incomplete vulnerability management (34%)
- Outdated software and hardware (33%)
- Shadow IT (32%)
Because APIs are embedded throughout all of today’s modern digital applications, including integrated third-party services and cloud applications, the above findings underscore the particular importance of API security to close the above-cited security control gaps. In addition, most organizations lack a complete inventory of their APIs, making APIs another component of “shadow IT.”
Global trends impacting the CISO role – speed of AI adoption ranks number one
The vast majority of CISOs admit to feeling the impact of a number of global trends. More CISOs cited the speed of AI adoption as having significant impact, followed by macro-economic uncertainty, the geo/political climate, and layoffs. Specific CISO responses regarding the impact of global trends were:
- Speed of AI adoption (94%)
- Macro-economic uncertainty (92%)
- Geo/political climate (91%)
- Layoffs (89%)
Threat of litigation and increased liability top CISOs’ personal concerns
The digital-first economy has also impacted CISOs on a personal level. Among the personal challenges reported were:
- Concerns over personal litigation stemming from breaches (48%)
- Increased personal risk/liability (45%)
- Expanded responsibilities and not enough time to fulfill (43%)
- Increased job-related stress (38%)
- Bigger teams to manage (37%)
Nearly 50% of CISOs cite litigation concerns. With several high-profile CISO lawsuits making waves recently, CISOs are fearful of being found personally liable in the event of a breach, putting their livelihood at risk. CISOs say their boards of directors are knowledgeable about cyber risks and mitigation
On a positive note, 96% of CISOs worldwide report that their boards of directors are knowledgeable or very knowledgeable about cybersecurity issues. In addition, the survey showed that 26% of CISOs present to the board on cyber risks mitigation and business exposure once a quarter or more, and 57% present to the board at least once every six months.
CISOs struggle to cost-justify security investments despite known security gaps, face increasing personal risks, and worry about the rapid adoption of AI
Photo credit: MAGO/Blue Jean Images via Reuters Connect
Israeli API security company Salt Security released key findings of its new “State of the CISO” report. Conducted by Global Surveyz for Salt, the global CISO survey gathered feedback from 300 CISOs/CSOs around the world on issues resulting from digital transformation and enterprise digitalization.
The results highlight significant CISO challenges including the biggest security control gaps they must manage, the most significant personal struggles they face, and the impact that broader global issues are having on their ability to deliver effective cybersecurity strategies.
Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities. Key findings include:
- 89% of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data
- Digital initiatives have produced new individual concerns, the top being the risk of personal liability and litigation resulting from security breaches, with 48% of CISOs citing that challenge
- 94% of CISOs worldwide say the speed of AI adoption is the macro dynamic having the greatest impact on their role
- 95% of CISOs plan to prioritize API security over the next two years, a 12% increase compared with that priority two years ago
As the glue connecting all of today’s digital transformation initiatives, APIs stood out as a key focus area for CISOs. 77% of CISOs acknowledge APIs are already a higher priority today vs. two years ago. In addition, API adoption presented the second highest security control gap, after supply chain/third-party vendors, resulting from organizations’ digital initiatives.
Biggest CISO challenges in a digital-first economy
The 2023 report shows that the digital-first economy has brought new security challenges for CISOs. Interestingly, most of the challenges cited by CISOs represent nearly equal levels of concern, forcing CISOs to address multiple challenges at the same time.
CISOs cite the following top security challenges:
- Lack of qualified cybersecurity talent to address new needs (40%)
- Inadequate adoption of software (36%)
- Complexity of distributed technology environments (35%)
- Increased compliance and regulatory requirements (35%)
- Difficulties justifying the cost of security investments (34%)
- Getting stakeholder support for security initiatives (31%)
Also notable, while most CISOs (44%) report security budgets are about 25% higher than two years ago, nearly 30% identify “lack of budget to address new security challenges” from digital transformation as a key challenge, and 34% of CISOs cite difficulty justifying the cost of security investments as a challenge.
Examining the responses more closely, 82% of CISOs say the security budget is higher than two years ago, while 87% say company revenue is higher. This disparity indicates that CISO spending power, as a percentage of revenue, has decreased in the last two years.
Supply chain and APIs top security control gaps
Two-thirds of CISOs state that they have more new digital services to secure compared to 2021. In addition, 89% of CISOs state that the rapid introduction of digital services creates unforeseen security risks in protecting their companies’ vital data. API adoption and supply chain/third-party vendors presented the two highest security control gaps in organizations’ digital initiatives.
CISOs rank security control gaps resulting from digital initiatives as follows:
- Supply chain/third-party vendors (38%)
- API adoption (37%)
- cloud adoption (35%)
- Incomplete vulnerability management (34%)
- Outdated software and hardware (33%)
- Shadow IT (32%)
Because APIs are embedded throughout all of today’s modern digital applications, including integrated third-party services and cloud applications, the above findings underscore the particular importance of API security to close the above-cited security control gaps. In addition, most organizations lack a complete inventory of their APIs, making APIs another component of “shadow IT.”
Global trends impacting the CISO role – speed of AI adoption ranks number one
The vast majority of CISOs admit to feeling the impact of a number of global trends. More CISOs cited the speed of AI adoption as having significant impact, followed by macro-economic uncertainty, the geo/political climate, and layoffs. Specific CISO responses regarding the impact of global trends were:
- Speed of AI adoption (94%)
- Macro-economic uncertainty (92%)
- Geo/political climate (91%)
- Layoffs (89%)
Threat of litigation and increased liability top CISOs’ personal concerns
The digital-first economy has also impacted CISOs on a personal level. Among the personal challenges reported were:
- Concerns over personal litigation stemming from breaches (48%)
- Increased personal risk/liability (45%)
- Expanded responsibilities and not enough time to fulfill (43%)
- Increased job-related stress (38%)
- Bigger teams to manage (37%)
Nearly 50% of CISOs cite litigation concerns. With several high-profile CISO lawsuits making waves recently, CISOs are fearful of being found personally liable in the event of a breach, putting their livelihood at risk. CISOs say their boards of directors are knowledgeable about cyber risks and mitigation
On a positive note, 96% of CISOs worldwide report that their boards of directors are knowledgeable or very knowledgeable about cybersecurity issues. In addition, the survey showed that 26% of CISOs present to the board on cyber risks mitigation and business exposure once a quarter or more, and 57% present to the board at least once every six months.
