CISOs focus more on business strategy than threat research

CISOs and ITDMs (IT security decision-makers) continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to Nuspire.

The ever-evolving cybersecurity landscape and end-user error and education remain the biggest challenges for CISOs/ITDMs, with end-users accounting for much of their worries, specifically malware/ ransomware, phishing and cloud security breaches.

CISOs increase overall cybersecurity spending

Senior leaders continue to be highly involved and knowledgeable about the importance of cybersecurity measures, which could contribute to why CISOs/ITDMs indicated plans to increase overall cybersecurity spending despite recent economic trends and a looming recession.

“As we’ve seen in previous years, the current economic conditions have shown how resilient cybersecurity budgets are in the face of business cost reductions. In fact, 58% of respondents indicated their budgets had increased, with 42% planning to increase budgets even more,” said Lewie Dunsworth, CEO of Nuspire.

“When looking at where CISOs are spending those budgets, we saw a clear focus on optimization of existing security technology, 24×7 threat monitoring and response, and overall security program improvements. It’s great to see that security leaders are focusing their resources on optimizing the investments they have already made, which should result in better performance for their programs,” added Dunsworth.

Talent shortages

Respondents placed greater emphasis on the need to attract and retain cybersecurity professionals, supplanting remote work concerns that topped the list in 2022.

Talent shortages can create security vulnerabilities that can linger for weeks or months, increasing risk. Many threats aren’t detected until an incident occurs.

• 66% of respondents say it’s hard to attract and retain qualified cybersecurity professionals.
• 58% say their team is so busy, they might not detect an attack.
• 30% say upgrading and enhancing cybersecurity skills would have the biggest impact on their security programs.

To alleviate the skills shortage, many organizations rely on outsourcing.

Top CISOs/ITDMs challenges

• 10% of CISOs/ITDMs manage all of their cybersecurity needs in-house.
• CISOs/ITDMs with less than $1 million for outsourcing are more likely not to outsource compared to their peers with larger budgets.
• CISOs/ITDMs report increased confidence in their cybersecurity systems, especially considering their security strategy relative to end-user compliance and peers.
• CISOs/ITDMs are now more concerned with software applications and email/collaboration tools versus end users and endpoints, which topped the list last year.
• The unique challenges and IT pressures of remote work have fizzled out from the benchmark study, making way for greater emphasis on attracting and retaining skilled cybersecurity professionals.

Remote work, once considered a five-alarm fire in the security world, has become business as usual, giving CISOs and ITDMs time and resources to evaluate the performance of their entire security tech stack. It’s no longer about purchasing the new, shiny security innovation, but rather inventorying existing assets and figuring out how to ensure those assets are protecting the organization’s most important information and processes.