A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success.
“Our research shows CISOs are motivated by a mission to protect. Yet, CISOs tell us they feel unsupported, unheard, and invisible,” said Bryan Palma, CEO of Trellix.
“I’ve been a CISO, it can be the loneliest position in tech,” Palma continued, “Now is the time, with AI in the hands of both good and bad actors, to revolutionize SecOps strategies and fight back against criminals. We need to empower our CISOs to win every time,” Palma continued.
Research reveals pain points for CISOs
Not enough support
96% struggle to get support from the executive board for the resources needed to maintain cybersecurity strength. Nearly half think their jobs would be easier if all employees across the entire business were better aware of the challenges of cybersecurity. In addition, one third of CISOs cite a lack of skilled talent on their team as a primary challenge.
The pressure is high
86% have managed a major cybersecurity incident once, and 4 in 10 more than once. 72% of respondents feel fully or mostly accountable for the incidents and 43% experienced major attrition from the Security Operations team as a direct result.
“It’s quite stressful because it is something where we say you have to be right all of the time. The bad guys only have to be right once…” shared a CISO of a US-based healthcare organization.
Working with too many of the wrong solutions
With organizations reporting using an average of 25 individual security solutions, 30% say a top hurdle is having too many pieces of technology without a sole source of truth.
CISOs can find the number of security solutions available to them overwhelming, unnecessary, and challenging.
The right solutions would make a difference
94% agree having the right tools in place would save them considerable time. 44% want access to a single integrated enterprise tool to optimize security investments.
“We get tool exhaustion at some places where money is just thrown at tools and they’re only using a quarter of it,” said a CISO in the US Public Sector. “So having a unified security tool, that’s been built and understood by security people and CISOs and analysts and engineers, that understand their day-to-day work and activities when it comes to certain things, is I think, something that’s missing…”