State of the CISO – a global report on priorities, pain points, and security gaps 2023 by SALT


Introduction and Methodology
Digital initiatives represent the cornerstone of business innovation today, and the rollout of these new
services has had a tremendous impact on companies around the globe. In this survey, we set out to
discover how the digital-first economy has specifically impacted the role of the CISO/CSO. In addition
to bringing awareness to the evolving role of the CISO, the survey strove to delve into the broader
business ramifications of these changes, so organizations can better understand how digital initiatives
are impacting risk and how companies can better protect themselves.
The survey asked CISOs about the effects of digitalization across a number of different dimensions
– from the top security and personal challenges, to the biggest security control gaps, to the struggle
to find good talent, to the impact that global trends are having, to the cyber knowledge level of their
boards of directors.
The rapid pace of the digital-first economy has transformed the role of the CISO. For CISOs around
the world, the adoption of digitalization has made securing critical data more challenging than ever
before. But the challenges extend beyond business impacts. CISOs cite many personal challenges
that have also resulted from the acceleration of digitalization. They fear potential litigation as a result
of security breaches, they have more job-related stress, they worry about personal liability, and they
often don’t have enough time to fulfill the requirements of their job.
Global trends have also played a part in transforming the CISO role – in particular, the speed of AI
adoption. AI has become more widely used by cyber criminals across the globe, giving them the
ability to dramatically scale their attacks and cause harm to organizations. To counter these threats,
CISOs themselves must harness the power of AI for good, using it to “catch” and stop AI-driven
attacks, putting more pressure on them to quickly adopt new solutions to safeguard their and their
customers’ critical assets.
Perhaps the most significant findings are the security control gaps that have arisen as a consequence
of new digital initiatives. Digitalization has generated multiple security threats and risks, the biggest
among them the application programming interface (API). Foundational to how applications are built
today, APIs also play a crucial role in other top areas of CISO concern, including third-party vendors/
supply chains and cloud-based applications. This huge and expanding attack surface gives bad
actors many access points into organizations’ digital applications and data. Consequently, APIs have
become an increasingly attractive target for cyber criminals. Why? They’re relatively easy to hack,
attacks are difficult to detect and can’t be found by existing security tooling, and the rewards for
successfully hacking APIs are very high because APIs transport companies’ most valuable digital
data. In fact, the attack surface has grown so significantly, APIs are predicted to become the
biggest security vulnerability ever, according to industry research firm Gartner. While awareness of
the need for API security has clearly grown, its implementation is not yet pervasive.
Being on the security front lines, CISOs feel the risks of digitalization most sharply. But the potential
impact of a digital breach affects the entire enterprise, costing organizations not only in damage
to their brand reputation but also in mitigation costs, fines, and potential litigation. Therefore,
increasing security for these vital digital initiatives must be a priority for the whole business – not
just the security team. C-level executives must do their part to enable and aid the business by
prioritizing and funding new security requirements created by digitalization. Digital transformation
is all about moving fast. To drive business acceleration, security must “not get in the way” while
simultaneously ensuring the safety of the organization’s critical data and services. By closing the
top security control gaps caused by digitalization, companies can help alleviate the concern that
“moving fast could put the business at risk.”
Methodology
To get more insight into current priorities, security gaps and pain points for C-level security leaders,
we commissioned a survey of 300 CISOs/CSOs.
Global Surveyz Research, an independent survey company, administered the survey online.
Respondents represented companies in the US, UK, Western Europe (France, Netherlands) and
Brazil, with 500 or more employees, across a variety of industries, including financial services
(including fintech), healthcare, insurance, pharmaceutical, and eCommerce.
The respondents were recruited through a global B2B research panel and invited via email to
complete the survey, with all responses collected during April 2023. The average amount of time
spent on the survey was 7 minutes and 30 seconds. The answers to most of the non-numerical
questions were randomized to prevent order bias in the answers.

Key Findings
1. The Healthcare and Financial Services industries face the biggest security impact due to the rapid pace of digital transformation initiatives

The proliferation of modern digital services and applications continues to complicate the security landscape and introduce new security control gaps. 89% of CISOs worldwide agree that moving fast with digital transformation can introduce unforeseen risks in securing organization data (Figure 2). However, of those who agree most strongly (37%), the top two industries (Figure 3) are healthcare (47%) and financial services or technologies (43%), which makes sense, as these sectors are experiencing a comparatively high level of digital innovation and disruption.

Because offering digital services has become critical in these industries to remain competitive and meet consumer expectations, healthcare and financial services organizations introduce new digital services at a faster pace. Consequently, these sectors see more “pain” and challenges earlier – and more frequently – than in other industries. Paradoxically, the survey also shows that these sectors have the most difficulty justifying the cost of security investments to protect new digital transformation initiatives (Figure 5), making the CISO role in healthcare and financial services even more challenging.

2. Almost half of CISOs worldwide have concerns that a security breach in their organization may result in personal litigation and liability

Virtually all respondents (99%) admit they face personal challenges as a result of digital transformation (Figure 6), with the top concerns being personal litigation stemming from security breaches (48%) and increased personal risk/liability (45%).

With several high-profile CISO lawsuits making waves recently, the trend of security leaders opting for roles below CISO level, or requesting indemnification, is growing. CISOs have fears of being found personally liable in the event of a security breach, potentially putting their own livelihood at risk. To alleviate fears, organizations need security processes and tooling that provide CISOs with a comprehensive view into potential security risks. With proven risk mitigation capabilities, CISOs can more effectively demonstrate and close security control gaps, gaining reassurance and lowering their concerns regarding personal liability. At a time when the CISO role is more important than ever, senior-level company executives cannot risk losing the best candidates to worries over personal risk or litigation.
