Salt is thrilled to share the findings from the just-released “State of the CISO 2023” report! We wanted to hear directly from CISOs/CSOs around the world about how digital transformation is impacting their role and understand the biggest challenges – both personal and professional – they’re contending with as a result. Salt undertook this project with independent research firm Global Surveyz, which oversaw a survey of 300 CISOs/CSOs globally, including in the US, UK, France, the Netherlands, and Brazil.
Digitalization is the lifeblood of business today, enabling the innovation that unleashes new modern online and mobile services. It has spurred new business opportunities, fostered creative partnerships, and delivered new customer conveniences across multiple industries – from mobile banking to digital payment systems to online healthcare to thousands of apps that affect our lives every day. These new services have changed how we shop, entertain ourselves, move through the world, consume our favorite foods, and interact with friends and colleagues.
But all this innovation also comes at a cost – and CISOs are on the front lines of dealing with that cost. We wanted to hear first hand how this rapid innovation is impacting them. No CISO ever wants to stand in the way of or slow down new business initiatives, but CISOs also understand companies cannot sacrifice security for speed. Without ensuring the safety of an organization’s and its customers’ critical data, companies put both brand reputation and digitalization investments at risk.
As Julie Chickillo, VP, head of cybersecurity at Guild Education, explains:
“Objective data like these bring more awareness to the problem set and helps us craft ways to work together to create a stronger and safer cybersecurity culture. Security requirements have grown exponentially with digitalization, and we’re moving faster than ever with those digital projects.”
The executive team, the board of directors, and security must work hand in hand to understand the biggest cybersecurity threats and to address these problems.
Notably, all rank similarly high as top challenges CISOs are facing. So CISOs are in the unfortunate situation of addressing several problems at the same time – putting extra strain on their resources and budget, not to mention their own stress levels.
Because APIs are embedded throughout all digitalized services, they contribute to multiple security control gaps. APIs are implemented within the supply chain/third-party vendor integration as well as cloud applications, and represent a key vulnerability risk.
APIs definitely stood out as a key focus area for the CISOs surveyed. 77% of CISOs acknowledge APIs are already a higher priority today vs. two years ago, and 95% say that their organizations have made API security a planned priority over the next two years.
Anton Chuvakin, security advisor at Office of the CISO, Google Cloud, explains that this attention is long overdue:
“As organizations accelerate their digital transformation efforts, they naturally increase the use of APIs in many areas of business and AI. So it's promising to see that their API security efforts are finally moving upward. Sometimes companies can be penny wise but pound foolish when it comes to security investments. But given the high cost of major personal data breaches, API security has to rise in prominence, and do so sharply, in the near future.”
Concerns over personal litigation stemming from breaches for CISOs worldwide topped the list of personal challenges from digital initiatives. With several high-profile CISO lawsuits making waves recently, the trend of security leaders opting for roles below CISO level, or requesting indemnification, is growing – they are fearful of being found personally liable in the event of a breach, which could put their own livelihood at risk.
As Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, comments:
“In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry. Qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”
CISOs worldwide, on average, say the speed of AI adoption is the global trend having the most impact on their role, topping even the challenges presented by today’s macro-economic uncertainty and the current geopolitical climate.
CISOs understand that AI serves as both a defensive and offensive tool in the cyber arena. Cyber criminals are already tapping into AI for its ability to instrument and accelerate new ways to attack organizations. With widely available generative AI technologies, such as ChatGPT, for example, bad actors can generate and scale their malicious attacks faster. But AI is also an essential tool for cyber defense. No security team can analyze the large volumes of data to pinpoint and stop attacks without leveraging AI.
Ed Amoroso, founder and CEO of TAG InfoSphere, adds:
“These findings underscore the new reality of the ‘AI era’ of cyber. CISOs know that AI attacks are evolving and becoming increasingly sophisticated – and that they’re growing at an unprecedented rate. With security teams already at capacity defending a broad attack surface, the impact of escalating AI threats – as well as the necessity to implement an AI offense – clearly weighs heavily on today’s CISOs.”
The survey findings clearly show that CISOs feel more pain points and face more challenges due to modern digital services. With new obstacles and threats to overcome, CISOs can’t do it alone. The business ramifications warrant that these serious security risks become a top priority across the executive suite – not just within the security team. In addition, business leaders must take steps to reassure CISOs with regard to their own personal liability. By equipping their teams with security solutions that provide a comprehensive view into critical correlated security gaps, organizations can help lower that risk and alleviate CISO concerns.
We invite you to download the full report to learn more about these findings. If you want to learn more about how the Salt Security API Protection Platform can bring visibility to growing API security threats, contact us for more information.