CISO

The network firewall was designed for a world that doesn’t exist anymore. When corporate assets sat behind a data center perimeter, inspecting packets between ‘inside’ and ‘outside’ made sense.

But today, with workloads spread across multiple clouds, SaaS platforms, and edge environments, that perimeter has dissolved. Attackers don’t need to smash through firewalls when they can compromise privileged credentials and operate from within. A rogue or stolen admin account can cause catastrophic damage, something no network firewall can stop. The battlefield has shifted from networks to identities.

A new study from RSAC finds most CISOs’ budgets increased between 2024 and 2025 and their top areas of investment for 2025-2026 are identity and data protection.

While 76 percent of CISOs report that their budgets for 2024-25 had increased, just 12 percent saw their budgets decrease.

IT leaders are optimistic about the value AI can deliver, but readiness is low. Many organizations still lack the security, governance and alignment needed to deploy AI responsibly.

A new study by the Ponemon Institute for OpenText finds 57 percent of CIOs, CISOs, and other IT leaders rate AI adoption as a top priority, and 54 percent are confident they can demonstrate ROI from AI initiatives. However, 53 percent say it is ‘very difficult’ or ‘extremely difficult’ to reduce AI security and legal risks.

As cyber threats become more frequent and complex, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 76 percent feel at risk of experiencing a material cyberattack in the next 12 months, yet 58 percent say they are unprepared to respond.

The latest Voice of the CISO report from Proofpoint surveyed 1,600 global CISOs across 16 countries and finds human behavior remains a critical vulnerability, with 92 percent attributing at least some data loss to departing employees.

A new State of the Security Profession survey from The Chartered Institute of Information Security (CIISec) shows that 91 percent of the profession believe ultimate responsibility for cybersecurity lies with the board and not security managers or CISOs (just 31 percent).

The survey focused on regulation in the light of a wave of major regulations either recently passed or coming into force -- including the EU AI Act, DORA, NIS2 and the UK’s Data (Use and Access) Bill.

While 79 percent of organizations are already using AI in production environments, only six percent have implemented a comprehensive, AI-native security strategy.

This is among the findings in the new AI Security Benchmark Report from SandboxAQ, based on a survey of more than 100 senior security leaders across the US and EU, which looks at concerns about the risks AI introduces, from model manipulation and data leakage to adversarial attacks and the misuse of non-human identities.

The technology world is a fast moving one and keeping up with the latest trends can be difficult. Yet it's also essential if you're not to lose competitive edge or get caught out by new risks.

We spoke to Myke Lyons, CISO of data infrastructure company Cribl, to discuss what the priorities for cyber leaders should be and what things are likely to keep them awake at night.

While the average total compensation for CISOs at large enterprises is $700K, those at $20B+ firms average $1.1M, with top earners exceeding $1.3M. These people are often managing $100M+ security budgets and teams of over 200 staff.

A new report from IANS Research along with Artico Search looks at data from more than 860 CISOs, including 406 at enterprises with $1B+ in annual revenue.

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

Ransomware attacks are increasingly targeting organizations across industries, with the potential to cause devastating financial, operational, and reputational damage.

We spoke to James Eason, practice lead for cyber risk and compliance at Integrity360, to get his insights into how executive boards can effectively prepare for such incidents.

The overall threat landscape facing organizations is expanding, yet many of the threats such as phishing remain the old favorites. What's more, AI is making them more effective by eliminating many of the old tell-tale signs.

With the evolving challenges and risks facing them, how can CISOs effectively network internally and externally to gather support of the broader team and build an appropriate security posture? We spoke to Robin Bell, CISO at Egress, to find out.

New research from Darktrace finds that 78 percent of CISOs say that AI-powered threats are having a significant impact on their organizations, a five percent increase from 2024.

There's more confidence about dealing with them though, more than 60 percent now say that they are adequately prepared to defend against these threats, an increase of nearly 15 percent year-on-year.

It's becoming common in the cybersecurity industry to encounter two situations that are equally untenable.

On the one hand, the job of a typical chief information security officer (CISO) has become overburdened with the high stress of constantly evolving risks, talent shortages, budget constraints, board disconnects and more, leading to burnout. On the other, many organizations, particularly small to midmarket ones, don't have the resources to afford a full-time security executive, despite facing the same cybersecurity and compliance challenges as everyone else.

Following a number of high-profile cybersecurity incidents in 2014 CISOs are reassessing their organization's readiness to manage a potential chaos of a full-scale cyber crisis.

New data from Hack The Box shows many CISOs -- based on a sample of 200 across the UK and US -- are concerned about their organization's ability to handle a cyber crisis. This is down to a number of reasons, the rising volume of cyber incidents (31 percent), lack of incident response planning (20 percent), and a lack of realistic, stress-tested crisis simulations (19 percent).

A new report from Splunk shows 82 percent of CISOs now report directly to the CEO, up from 47 percent in 2023, and 83 percent participate in board meetings somewhat often or most of the time.

However, only 29 percent of CISOs say they receive the proper budget for cybersecurity initiatives and accomplishing their security goals, compared to 41 percent of board members who think their cybersecurity budgets are adequate.