Splunk Inc. released its 2023 CISO Report, a new global research report detailing emerging trends, threats, and strategies for today’s Chief Information Security Officers (CISOs), Chief Security Officers (CSOs), and other qualified security leader equivalents.
Key findings:
The study of 350 CISOs, CSOs, and other qualified executive security leader equivalents across 10 countries revealed that 90% of organisations suffered at least one major cyber attack in the last year and that most respondents pay ransomware demands. Eighty-three percent of organisations paid ransomware demands, with more than half paying at least USD 100,000.
The study also finds that CISOs are trying to stay ahead of generative AI. The majority (70%) believe it has advantages for malicious players. Some 35% are already exploring the role of generative AI for cyber defence, malware analysis, workflow automation, and risk scoring.
The majority (88%) of those surveyed see a need to rein in security analysis and operations tools and are looking to decrease the number of tools they automate to simplify processes.
Close to C-suite
Almost half (47%) say that CISOs are now reporting directly to the CEO. CISOs report regular participation in board meetings across sectors, including technology (100%), government (100%), communications and media (94%), healthcare (88%) and manufacturing (86%).
“The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions,” said Jason Lee, CISO, Splunk.
“These relationships provide CISOs the opportunity to become champions who strengthen an organisation’s security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defence management and prepare for the future.”