Across the regions surveyed, differences in CISO priorities and mindsets were mixed and generally indigenous to geopolitical/economic peculiarities — with exceptions.
In a quantitative (350 CISOs, CSOs and other qualified executive security leader equivalents in North America, EMEA (UK, Germany, France and Australia, New Zealand, Japan, Singapore, India) and qualitative study (20 CISOs, CSO and security leaders in the United States, Canada and the UK) involving 60-minute phone interviews on emerging trends, threats and strategies for AI and security matters, several trends were gleaned from the respondents in 17 industries.
In terms of AI developments and trends, three were of particular global impact:
- CISOs were paying ransomware demands despite exacerbating the risks for the rest of the world.
- 90% of respondents reported their organization experienced at least one disruptive cyberattack last year, but 83% cited paying the attackers off, with more than half paying at least US$100,000.
- The retail industry in the study was the most likely to pay the ransom, with 95% of respondents reporting they either paid directly, through cyber insurance or a third party.
-
CISOs were trying to stay ahead of generative AI.
- 70% of respondents believed generative AI could give cyber adversaries more opportunities to commit attacks, while 35% were already experimenting with it for cyber defence, including malware analysis, workflow automation and risk scoring.
- CISOs in healthcare (88%), manufacturing (76%) and financial services (72%) expressed the most fear that generative AI would give either a strong or slight advantage to cyber adversaries.
- 51% of respondents in the financial services indicated they planned to implement specific cybersecurity controls to mitigate AI security risks.
- 93% of respondents citing having extensively or moderately implemented automation into their cyber defense processes.
- CISOs believed visibility gaps could be closed by reining-in tools
- Tool sprawl was a major concern, likely compounding existing visibility issues. 88% of respondents indicated they saw a need to rein-in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat intelligence.
- CISOs in the survey were looking to decrease the number of tools they use and simplify processes with automation.
In terms of coping with the increasingly sophisticated cyber threat landscape:
- CISOs surveyed believed they were now in the C-Suite
- 47% of CISOs in the studies were reporting directly to the CEO, indicating a closer relationship with the C-Suite and their respective governing boards. Boards of directors were increasingly looking to CISOs to guide cybersecurity strategy, offering an opportunity for CISOs to articulate value and fill in communication gaps.
- CISOs were reporting regular participation in board meetings: including technology (100%), government (100%), communications and media (94%), healthcare (88%) and manufacturing (86%).
- 90% of respondents indicated their governing board cares more about different key performance indices and security metrics today compared to two years before the survey.
- The top three cited metrics for CISO success were: results of security testing; the return on investments of security purchases; and the ability to purchase cyber insurance.
- Boards in the studies were prioritizing security funding
- 93% of responding CISOs expected an increase in their cybersecurity budget over the next year; 83% saw cuts in other parts of their organization.
- 80% indicated their organization had faced a growing number of threats coinciding with the declining economy.
-
Leaders believed that cross-functional collaboration will be critical for a lasting resilience strategy
- 92% of respondents reported either a significant or moderate increase in cybersecurity collaboration between security teams, IT and engineering organizations, largely driven by initiatives like digital transformation, cloud-native development and a greater emphasis on risk management.
- 72% of these leaders indicated their collaboration with IT and development teams on incident root cause analysis and resolution was “good”, while 42% indicated there was “still room for improvement”.
Regional sentiments
Respondents’ sentiments about the impact of AI, cybersecurity and digital resilience varied by region, with the following highlights:
- Digital Resilience: North American respondents placed a higher priority on cybersecurity education in their digital resilience strategy than regional counterparts: 30% of North American respondents indicated that educating cybersecurity staff on best practices and ongoing training was most important to ensure digital resilience, compared to 19% respectively in both APAC and Western Europe.
- Generative/AI: In all regions surveyed, early opinions on generative AI’s applications in security were generally optimistic.
- 84% agreed or strongly agreed to prompts that they will develop their own language models or other AI-based solutions for cybersecurity
- 89% agreed or strongly agreed to prompts that they will adopt generative AI for cybersecurity through vendor-sourced products/functionality
- 86% believed that generative AI will alleviate skills gaps/shortages they had on the security team.
- 82% believed that generative AI bots will take jobs/activities done by humans today.
- In APAC, 24% of respondents believed that AI would give them either a slight or significant advantage over cybercriminals, compared to 12% of respondents from North America and 17% of Western Europe.
- All regions’ respondents in the survey expressed their belief that generative AI would give cybercriminals a slight or significant advantage. Respondents from APAC (23%) were most likely to be using generative AI for cybersecurity, compared to only 11% in North America or Western Europe.
- Respondents in Western Europe expressed the most interest in using generative AI for cybersecurity over the next 12 months (57%), compared to 39% of North American respondents and 35% of respondents from APAC.
-
Threat landscape:
- Respondents from APAC and Western Europe reported seeing the most security gaps in cloud infrastructure at 57% and 51% respectively, compared to North American respondents (40%).
- Respondents in APAC were most afraid of attacks on operational technology (OT) and IoT (46%) compared to Western Europeans at (25%).
- While all regions were affected by ransomware, respondents in APAC (64%) and North America (53%) were more likely to experience an attack that significantly affected their systems and business operations, compared to Western Europeans (38%).
- All regions’ respondents similarly report paying ransoms, whether directly, through cyber insurance or a third party. Respondents in North America (39%) were more likely to pay between $100,000 and $299,999 than Western Europe (20%) or APAC (14%). However, APAC was more likely to pay US$1m or more (17%) compared to North America (3%) or Western Europe (7%).
The small but detailed study, produced by Splunk, ends with six conclusions based on the data used:
- AI is here to stay — whether used by CISOs or cybercriminals
- CISOs’ and board priorities were still misaligned
- CISOs surveyed were being made more active stakeholders in C-level decisions
- Most of the CISOs surveyed were neglecting the greater good, by paying ransoms
- Boards in the surveyed organizations were prioritizing investments in cybersecurity
- Sustainable digital resilience could only be achieved through end-to-end collaboration throughout IT, software engineering, application development, cloud and enterprise architecture functions