This article compiles excerpts from various reports, presenting statistics and insights that could be helpful for CISOs.
CISOs becoming more comfortable with risk levels
Netskope | The Modern CISO: Bringing Balance | June 2024
- Contradicting legacy stereotypes of the CISO as inherently risk averse, only 16% of today’s CISOs classified their current risk appetite as low.
- 65% of CISOs now describe their responsibility in terms of improving business resilience, rather than managing cyber risk.
- Just 36% of CISOs see themselves playing a “protector” role primarily focused on defending the organization.
Improving OT cybersecurity remains a work in progress
Fortinet | 2024 State of Operational Technology and Cybersecurity Report | June 2024
- The percentage of organizations that are aligning OT security with the CISO continues to grow, increasing from 17% in 2023 to 27% this year.
Most cybersecurity pros took time off due to mental health issues
Hack The Box | Building a firewall against cybersecurity burnout | June 2024
- 90% of CISOs say they are concerned about the impact of stress, fatigue, and burnout on their workforce’s well-being, whereas only 47% of CEOs seem to be equally concerned about the impact of their cybersecurity teams’ stress, fatigue, and burnout on increased errors.
Human error still perceived as the Achilles’ heel of cybersecurity
Proofpoint | 2024 Voice of the CISO | May 2024
- 70% of surveyed CISOs feel at risk of a material cyber attack over the next 12 months, compared to 68% the year before, and 48% in 2022.
- In a year of growing insider threats and people-driven data loss, more CISOs than ever (80%) see human risk, in particular negligent employees, as a key cybersecurity concern over the next two years.
- The biggest cybersecurity threats perceived by CISOs in 2024 are ransomware attacks (41%), malware (38%) and email fraud (36%).
AI’s rapid growth puts pressure on CISOs to adapt to new security risks
Trellix | Mind of the CISO: Decoding the GenAI Impact | May 2024
- 76% of CISOs already use GenAI in their organizations, with most of the remaining 24% planning to.
- 89% of CISOs agree adopting and integrating GenAI tools will help address security operations staffing issues within their organization.
- 92% of CISOs said that AI and GenAI have made them contemplate their future in the role, bringing into serious question how policy and regulation need to adapt to bolster the role of the CISO and enable organizations to secure their systems effectively.
Security tools fail to translate risks for executives
Dynatrace | The state of application security in 2024 | May 2024
- CISOs struggle to drive alignment between security teams and the C-suite, with 87% of CISOs saying application security is a blind spot at the CEO and board level.
- 71% of CISOs say DevSecOps automation is critical to ensuring reasonable measures have been taken to minimize application security risk.
Security analysts believe more than half of tasks could be automated
Anomali | Cybersecurity Priorities 2024 Report | April 2024
- 68% of CISOs surveyed are planning to consolidate the number of vendors/tools they use wherever possible.
- Only 26% of CISOs plan to add new technology to address security gaps and emerging threats.
51% of enterprises experienced a breach despite large security stacks
Pentera | The State of Pentesting 2024 | April 2024
- 50% of CISOs report that they share the results of pentest assessments with their leadership teams as well as their Boards of Directors, using these reports as a tool to communicate cybersecurity risk both within and outside their organizations.