CISOs Know Breaches Inevitable

Thursday, October 25, 2018 @ 04:10 PM gHale

Source: Kaspersky Lab

Cybersecurity breaches are inevitable, say North American CISOs, with financially motivated groups being their primary concern, new research found.

Even though 84 percent of CISOs said there will be an attack, the findings of the report also show a lack of influence in the boardroom, making it difficult to justify the budgets needed to properly protect organizations.


The report, “What It Takes to Be a CISO: Success and Leadership in Corporate IT Security,” is the result of an inaugural survey carried out by PAC on behalf of Kaspersky Lab that analyzes the status quo and future developments worldwide of the CISO’s role in organizations across the globe. To collect the research, 250 IT-decision-makers in the manufacturing and services sectors were surveyed from May to July 2018.

The findings show on a global basis, CISOs believe financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest IT security risks to their businesses today – and these types of threats are extremely difficult to prevent.

“Historically, cybersecurity budgets were perceived as a low priority IT spend, but this is no longer the case,” said Maxim Frolov, vice president of global sales at Kaspersky Lab. “Today, cybersecurity risks are top of the agenda for CEOs, CFOs and Risk Officers. In fact, a cybersecurity budget is not just a way to prevent breaches and the disastrous risks associated with them – it’s a way to protect business continuity, as well as a company’s core profile investments.”

CISOs can face challenges with these because attacks are either launched by “professional” cybercriminals or because they are assisted by employees who are expected to be protecting the business.

In addition, the rise of cyberthreats combined with the digital transformation that many enterprises are currently undergoing is making the role of the CISO increasingly critical in modern business. The report found there is now more pressure on CISOs across the globe than ever, with 57 percent considering complex infrastructures involving cloud and mobility to be the top challenge, managing personal data and sensitive information the second biggest challenge at 54 percent, and the continuing increase in cyberattacks the third at 50 percent.

With pressure on the CISO increasing, budgets allocated to cybersecurity are reported to be growing across businesses worldwide. More than half (56 percent globally and 60 percent in North America) of CISOs are expecting their budgets to increase in the future, while 38 percent of respondents globally – and in North America – expect budgets to remain the same.

Nonetheless, CISOs are up against major budgetary challenges, because it’s almost impossible for them to offer a clear return on investment (ROI), or 100 percent protection from cyberattacks. For example, 36 percent of CISOs said they cannot secure their required IT security budgets because they cannot guarantee there will not be a breach.

When a business views security budgets as part of the overall IT spend, CISOs find themselves vying for budget against other departments. The second most likely reason for not getting budget is that security is sometimes part of the overall IT spend. In addition, 33 percent of CISOs said the budget they could receive is sometimes prioritized for digital, cloud or other IT projects instead, which may be able to demonstrate a clearer ROI.

Although ROI is difficult to prove, there’s no denying cyberattacks can have drastic consequences for businesses, with more than a quarter of respondents identifying reputational (28 percent) and financial (25 percent) damage as the most critical consequences of a cyberattack. However, despite the negative impact of a cyberattack, 26 percent of the IT security leaders surveyed are members of the board at their respective businesses. Of those who aren’t board members, 25 percent believe they should be.

A majority of IT security leaders (58 percent) globally believe they are adequately involved in business decision making. However, as digital transformation becomes key to the strategic direction of large enterprises, cybersecurity should be a top priority. For many organizations, the role of the CISO will need to develop to reflect these changes to give them the ability to influence important business decisions.
