Budgets up and incidents down as CISOs take control
Organizational cybersecurity has significantly improved over the last year, following positive shifts in influence by CISOs and changing attitudes towards security culture, according to a new report.
The ninth annual Information Security Maturity report, published by ClubCISO in collaboration with Telstra Purple, surveyed more than 100 information security leaders around the world and finds 54 percent report that 'no material incident occurred', in the past year, compared to 27 percent in 2021.
Of those that did see incidents, 'non-malicious insider' (17 percent) is reported as the most common threat vector, ranking higher than social engineering attacks (11 percent) and incidents that came as a result of compromised credentials (10 percent)
In addition, 67 percent of CISOs responding to the survey say their organizations have increased their information security budgets compared with last year, for one-fifth of respondents, budgets have increased by more than 50 percent.
Stephen Khan, chair of the ClubCISO advisory board says:
As we move further away from the Pandemic, what this report makes clear is that much of the groundwork to bolster security has been done. Collectively, CISOs have made security a company-wide concern and the business case for it, not only in our respective businesses but also across our supply chains, has never been stronger.
Our findings show that CISOs are now in the driving seat with extended influence and increased budgets, and are better positioned to deal with an increasingly complex and dynamic threat landscape.
Among other findings 91 percent say they had accelerated their cyber-security tactics in the last year. Of particular note is that the number of organizations now actively working on third-party (supply chain) management has nearly doubled compared with 2021.
Finding the right talent continues to be an issue, 65 percent of CISOs suggest that they are actively seeking to recruit from diverse backgrounds. And whilst the 'best recruits' continue to come from 'technology or engineering' and 'other infosec industry sources', 42 percent feel their best recruits came from 'risk management' and 31 percent answered 'other non-infosec sources', not including security graduates or apprenticeships.
Rob Robinson, head of Telstra Purple EMEA, says, "It is great to see the annual survey and report becoming a vital barometer of infosec maturity globally. In a period of significant turbulence, CISOs have helped steady the ship, but it is exactly for this reason that they too have a community of peers they can rely on to stress-test ideas and lean on for support."
The full report is available on the ClubCISO site.