The State of the CISO 2023: Navigating Security Challenges Resulting from Today’s Digital-first Economy

Michelle McLean
Jun 21, 2023

Salt is thrilled to share the findings from the just-released “State of the CISO 2023” report! We wanted to hear directly from CISOs/CSOs around the world about how digital transformation is impacting their role and understand the biggest challenges – both personal and professional – they’re contending with as a result. Salt undertook this project with independent research firm Global Surveyz, which oversaw a survey of 300 CISOs/CSOs globally, including in the US, UK, France, the Netherlands, and Brazil.

Digitalization is the lifeblood of business today, enabling the innovation that unleashes new modern online and mobile services. It has spurred new business opportunities, fostered creative partnerships, and delivered new customer conveniences across multiple industries – from mobile banking to digital payment systems to online healthcare to thousands of apps that affect our lives every day. These new services have changed how we shop, entertain ourselves, move through the world, consume our favorite foods, and interact with friends and colleagues.

But all this innovation also comes at a cost – and CISOs are on the front lines of dealing with that cost. We wanted to hear firsthand how this rapid innovation is impacting them. No CISO ever wants to stand in the way of or slow down new business initiatives, but CISOs also understand that companies cannot sacrifice security for speed. Without ensuring the safety of an organization’s and its customers’ critical data, companies put both brand reputation and digitalization investments at risk.

Learn how the rollout of digital services has impacted CISOs – and their organizations – around the globe.

So what did we learn from these CISOs?

  • Nearly 90% of CISOs worldwide say that the rapid adoption of digitalization has created unforeseen security risks
  • 66% of CISOs are rolling out more digital initiatives compared with two years ago
  • 95% say their organizations are making API security a planned priority over the next two years
  • 94% say the speed of AI adoption is the macro dynamic having the greatest impact on their role, followed closely by macro-economic uncertainty and geo/political climate
  • CISOs worldwide cite personal litigation resulting from security breaches as their top personal challenge due to digital initiatives

As Julie Chickillo, VP, head of cybersecurity at Guild Education, explains:

“Objective data like these brings more awareness to the problem set and helps us craft ways to work together to create a stronger and safer cybersecurity culture. Security requirements have grown exponentially with digitalization, and we’re moving faster than ever with those digital projects.”

The executive team, the board of directors, and security must work hand in hand to understand the biggest cybersecurity threats and to address these problems.

Here are additional insights on some of the key findings:

The digital-first economy has brought numerous new security challenges for CISOs

  • Lack of qualified cybersecurity talent to address new needs (40%)
  • Inadequate adoption of software (36%)
  • Complexity of distributed technology environments (35%)
  • Increased compliance and regulatory requirements (35%)
  • Difficulties justifying the cost of security investments (34%)
  • Getting stakeholder support for security initiatives (31%)

Notably, all rank similarly high as top challenges CISOs are facing. So CISOs are in the unfortunate situation of addressing several problems at the same time – putting extra strain on their resources and budget, not to mention their own stress levels.

Supply chain and APIs top the list of security control gaps resulting from digitalization

Because APIs are embedded throughout all digitalized services, they contribute to multiple security control gaps. APIs are implemented in supply chain and third-party vendor integrations as well as in cloud applications, and they represent a key vulnerability risk.

APIs definitely stood out as a key focus area for the CISOs surveyed. 77% of CISOs acknowledge APIs are already a higher priority today vs. two years ago, and 95% say that their organizations have made API security a planned priority over the next two years.

Anton Chuvakin, security advisor at Office of the CISO, Google Cloud, explains that this attention is long overdue:

“As organizations accelerate their digital transformation efforts, they naturally increase the use of APIs in many areas of business and AI. So it's promising to see that their API security efforts are finally moving upward. Sometimes companies can be penny wise but pound foolish when it comes to security investments. But given the high cost of major personal data breaches, API security has to rise in prominence, and do so sharply, in the near future.”

New personal burdens stemming from digitalization also weigh heavily on CISOs

For CISOs worldwide, concerns over personal litigation stemming from breaches topped the list of personal challenges from digital initiatives. With several high-profile CISO lawsuits making waves recently, the trend of security leaders opting for roles below CISO level, or requesting indemnification, is growing – they are fearful of being found personally liable in the event of a breach, which could put their own livelihood at risk.

As Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, comments:

“In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry. Qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”

Speed of AI adoption is the global trend having the greatest impact on the CISO

CISOs on average worldwide say speed of AI adoption is the global trend having the most impact on their role, topping even the challenges presented by today’s macro-economic uncertainty and the current geo/political climate.

CISOs understand that AI serves as both a defensive and offensive tool in the cyber arena. Cyber criminals are already tapping into AI for its ability to instrument and accelerate new ways to attack organizations. With widely available generative AI technologies, such as ChatGPT, for example, bad actors can generate and scale their malicious attacks faster. But AI is also an essential tool for cyber defense. No security team can analyze the large volumes of data to pinpoint and stop attacks without leveraging AI.

Ed Amoroso, founder and CEO of TAG InfoSphere, adds:

“These findings underscore the new reality of the ‘AI era’ of cyber. CISOs know that AI attacks are evolving and becoming increasingly sophisticated – and that they’re growing at an unprecedented rate. With security teams already at capacity defending a broad attack surface, the impact of escalating AI threats – as well as the necessity to implement an AI offense – clearly weighs heavily on today’s CISOs.”

The bottom line – CISOs can’t do it alone

The survey findings clearly show that CISOs feel more pain points and face more challenges due to modern digital services. With new obstacles and threats to overcome, CISOs can’t do it alone. The business ramifications warrant that these serious security risks become a top priority across the executive suite – not just within the security team. In addition, business leaders must take steps to reassure CISOs with regard to their own personal liability. By equipping their teams with security solutions that provide a comprehensive view into critical correlated security gaps, organizations can help lower that risk and alleviate CISO concerns.

We invite you to download the full report to learn more about these findings. If you want to learn more about how the Salt Security API Protection Platform can bring visibility to growing API security threats, contact us for more information.
