Security culture making good progress despite human resource limitations.
The ClubCISO Information Security Maturity Report 2023 is a temperature check of 182 global CISOs, evaluating the security posture of organisations through the lens of culture, technology, risk, and people and comparing these findings against previous years. In 2023, there were fewer material cyber incidents and breaches across our respondents’ organisations than in 2022 (which itself was a record low), with 68% of respondents indicating that no material breaches had occurred at their organisation in 2023. On the whole, CISOs believe that their security culture is improving but is still a work in progress, yet the average rating for overall security posture was lower than last year.
Our respondents unanimously stated that leadership endorsement is the most impactful factor in improving security culture, and alignment between top management and security teams has improved compared to the previous year. While 51% of security teams have seen their budgets increase, on the whole, it is to a lesser extent when compared with last year. While the majority of our respondents feel that security culture is being negatively impacted by too many priorities and a lack of resources, it is personnel concerns that outweigh purely financial constraints, as CISOs feel their main barrier to meeting their objectives is insufficient staffing. In an effort to fix this, over 95% of organisations are trying to retain talent and recruit new staff, with a particular focus on hiring for diversity to strengthen teams and bring different perspectives into the business.