The latest findings from Splunk's 2023 Chief Information Security Officers (CISO) Report reveal an increasingly disrupted landscape in the domain of cybersecurity. According to the report, 90% of organisations have endured a disruptive attack within the past year, and, tellingly, 83% were forced to pay following a ransomware attack.
Compiled from surveys involving 350 CISOs, Chief Security Officers (CSOs) and executive security leaders across ten countries, the report provides detailed insights into the shifting landscape of emerging threats and strategies. The findings present an alarming picture of an evolving, increasingly hostile cybersecurity environment that organisations must navigate.
The threat landscape is further complicated by the advent of Artificial Intelligence (AI), which 70% of respondents believe advantages attackers rather than defenders. Interestingly, despite these apprehensions, 35% are experimenting with AI for cyber defence. Jason Lee, CISO at Splunk, stated: “These relationships provide CISOs the opportunity to become champions who strengthen an organisation’s security culture and lead teams to become more cross-collaborative and resilient.”
Further, the landscape of cybersecurity roles is steadily changing. According to the report, 86% of CISOs believe their role has transformed so significantly that it’s akin to doing an entirely different job, and 47% of CISOs now report directly to the CEO. “Boards of directors are increasingly looking to CISOs to guide cybersecurity strategy, offering an opportunity for CISOs to articulate value and fill in communication gaps,” Lee observed.
In terms of new technologies, the report found that 86% of surveyed CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team. Moreover, 35% report using generative AI for positive security applications, and an additional 61% will likely use it within the next year.
The report also flagged how organisations attempt to mitigate security risks, with the majority of respondents resorting to paying ransomware demands following a detrimental attack on their business operations. Alarmingly, over half paid at least $100,000, and in most cases they paid either directly, through cyber insurance, or via a third party.
Another finding showed that 93% of respondent CISOs anticipate an increase in cybersecurity budgets over the next year, in part driven by economic challenges impacting security and the increasing number of threats facing organisations.
According to the study, synthesising functions across teams and encouraging cross-collaboration will play a pivotal role in achieving a more secure, resilient strategy in the face of these complex issues. This collaboration, fuelled by digital transformation and a greater emphasis on risk management, is a critical factor in ensuring organisational resilience.