Business overconfident and underprepared for cyber threats
A new report from digital transformation consultancy Gemserv, based on a survey of CISOs at 200 large UK and EU enterprises, finds most believe boards are overconfident of their understanding of cybersecurity issues, and are failing to provide CISOs with the support they need to properly protect the organization.
According to the findings, 88 percent of CISOs think the threat landscape is becoming more complex, with 37 percent not confident they have the resources they need. 44 percent struggle to recruit and retain the skilled people they need, amid a 3.2m 'workforce gap' for IT talent.
While 72 percent of organizations are actively incorporating AI into customer-facing products and services, 37 percent of CISOs say they are not confident the business fully understands the risks.
The report shows that 48 percent of CISOs describe the board's general understanding of risks as 'excellent', a significant increase from 2023 (37 percent) but 62 percent believe that staff lack the required knowledge and training to avoid a breach.
Although 79 percent of large enterprises invest in specialist cyber threat intelligence for CISOs, the remainder rely solely on the press, social media, vendor marketing and regulators for information, which is not real-time and can be less reliable.
Gemserv's director of cyber and digital, Mandeep Thandi says:
Given the significant impact a cyber breach can have on organizations, including potential damage to reputation and share price, it’s encouraging to see CISOs have elevated cyber security to a board-level concern rather than it remaining an IT department issue.
Confidence among CISOs in their ability to manage these threats remains low. They anticipate an increase in both the volume and sophistication of cyber attacks. At the same time, IT leaders face mounting pressure to rapidly implement transformational technologies such as cloud computing and GAI, which can heighten an organization's attack surface and therefore vulnerability to cyber threats.
On a positive note the findings show that more CISOs are moving upstream to take seats on boards, and are increasing awareness of the wider reputational and business impacts beyond IT disruption.
You can read more in the full report available from the Gemserv site.
Image credit: Wavebreakmedia/depositphotos.com