CISOs and board members are finding a common language

86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk.

35% report using generative AI for positive security applications and an additional 61% will likely use it within the next 12 months.

“The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions,” said Jason Lee, CISO, Splunk. “These relationships provide CISOs the opportunity to become champions who strengthen an organization’s security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defense management and prepare for the future.”

CISOs pay ransomware demands

90% of respondents reported their organization experienced at least one disruptive cyber attack last year. Numerous industries experienced ransomware attacks that significantly impacted their systems and business operations, including financial services (59%), retail (59%) and healthcare (52%).

83% of organizations paid the attackers in the wake of a ransomware attack, and more than half paid at least $100,000. The retail industry is the most likely to pay the ransom, with 95% of respondents reporting they either paid directly, through cyber insurance or a third party.

70% of surveyed CISOs believe generative AI could give cyber adversaries more opportunities to commit attacks, yet 35% are already experimenting with it for cyber defense including malware analysis, workflow automation and risk scoring.

CISOs in healthcare (88%), manufacturing (76%) and financial services (72%) express the most fear that generative AI would give either a strong or slight advantage to cyber adversaries.

51% of CISOs in financial services say they planned to implement specific cybersecurity controls to mitigate AI security risks. 93% of CISOs have extensively or moderately implemented automation into their processes.

CISOs overwhelmingly responded that tool sprawl is a major concern, likely compounding existing visibility issues. 88% say they see a need to rein in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat intelligence.

CISOs are looking to decrease the number of tools they use and simplify processes with automation.

CISOs strengthen C-Suite relationship

In 47% of organizations surveyed, the CISOs are now reporting directly to the CEO, indicating a closer relationship with the C-Suite and their respective governing boards. Boards of directors are increasingly looking to CISOs to guide cybersecurity strategy, offering an opportunity for CISOs to articulate value and fill in communication gaps.

Numerous CISOs across many industries report regular participation in board meetings, including technology (100%), government (100%), communications and media (94%), healthcare (88%) and manufacturing (86%).

90% of CISOs say their governing board cares more about different KPIs and security metrics today than it did two years ago. The top three CISO metrics for success are: results of security testing, the ROI of security investments, and the ability to purchase cyber insurance.

93% of respondent CISOs expect an increase in their cybersecurity budget over the next year, yet 83% see cuts in other parts of their organization. Economic challenges are impacting security with 80% saying they have noticed their organization has faced a growing number of threats coinciding with the declining economy.

92% of respondents report either a significant or moderate increase in cybersecurity collaboration between security teams, IT and engineering organizations, largely driven by initiatives like digital transformation, cloud native development and a greater emphasis on risk management.

77% indicate collaboration with IT and development teams on incident root cause analysis and resolution was good, while 42% said there is still room for improvement. CISOs agree that strategic collaboration will be vital to gain visibility and ensure resilience throughout the organization.