Articles about CISO

The rapid rise of AI across industries has created a critical data blind spot, a lack of insight into the data powering these systems. Training data for AI models can harbor hidden risks, including leaking sensitive information, personal data, and intellectual property.

A new survey of 168 members of the CISO Society carried out by BigID and Lorem Advisory Group looks at the challenges CISOs face in governing, securing, and safeguarding data in today's AI-driven landscape.

Continue reading →

The C-Suite’s perception of cybersecurity has evolved dramatically over the past decade. It’s gone from being an afterthought for technology departments to worry about, to a cornerstone for business survival and operational strategy. The heightened awareness of cybersecurity stems from a deeper grasp of the legal, reputational and financial implications of data breaches. This, combined with regulatory pressures such as the original NIS directive, has forced leaders to enhance their organizations’ cybersecurity measures.

The result is that 75 percent of organizations now report that cybersecurity is a high priority for their senior management team. While on the surface this should be celebrated, when digging deeper, conversations between CISOs and the wider C-Suite often just revolve around high-profile or user-centric security risks. More technical and advanced threats such as those related to application security are overlooked. The race to embrace AI and increasingly complicated cloud infrastructures have also made communicating cybersecurity priorities even more difficult for CISOs.

Continue reading →

Maintaining a secure cloud environment is one of the most important responsibilities of any CISO today, given that over 50 percent of all cyberattacks now originate in the cloud. However, this is a daunting task, as security must now be balanced against other priorities such as maintaining agile operations and the need to innovate.

Organizations today are racing to accelerate their cloud adoption due to the need for greater scalability and cost-efficiency. It has, therefore, become a critical business strategy to ensure efficiency, accessibility, and sustainability in operations. As a result, cloud investments are soaring across the board. Gartner predicts that end-user spending on public cloud services will reach $679 billion by the end of this year and exceed $1 trillion by 2027.

Continue reading →

If you're a cybersecurity professional, then you know how it often seems that no one cares about (or understands) information security.

InfoSec professionals frequently struggle to integrate security into their companies' processes. Many are at odds with their organizations. Most are under-resourced. There must be a better way. The Cybersecurity Manager's Guide is an essential manager's handbook that offers a new approach to building and maintaining an information security program that's both effective and easy to follow.

Continue reading →

The job of the CISO is becoming increasingly complex, with new rules around security and compliance, disclosure requirements following incidents, and more.

We spoke to John Morello, CTO of Gutsy, a company which was the first to apply process mining to security, to find out how things are changing and how CISOs should respond.

Continue reading →

Over half of CISOs believe generative AI is a force for good and a security enabler, whereas only 25 percent think it presents a risk to their organizational security according to a new survey.

The survey of the ClubCISO community, in collaboration with Telstra Purple, highlights CISOs' confidence in generative AI in their organizations.

Continue reading →

A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.

The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.

Continue reading →

A new survey of more than 400 CISOs in the US and UK reveals that 72 percent are concerned about security breaches related to generative AI.

The study from Metomic finds that CISOs from both the US and UK rank data breaches as their top security concern. Data breaches are continuing to surge across industries, but particularly for healthcare, finance, and manufacturing organizations. According to industry reports, US companies experienced 3,205 data breaches last year (up from 1,802 in 2022), with the average cost of a data breach in the US climbing to $9.48 million in 2023.

Continue reading →

A new report by ClubCISO in collaboration with Telstra Purple finds that despite significant concerns around the impact of AI cyberattacks, many organizations have not seen their priorities or investment plans change.

Of CISOs surveyed 63 percent rate the severity of the threat posed to their businesses by AI cyber-attacks as critical or high, with 63 percent also suggesting that AI cyberattacks will be extremely damaging to businesses.

Continue reading →

A new State of Pentesting report from Pentera shows that 53 percent of organizations surveyed have decreasing or stagnating cybersecurity budgets, requiring CISOs to do more with less.

This compares to last year when 92 percent of organizations surveyed expected to raise their IT security budgets. Only five percent of CISOs this year are projecting their IT security budgets will grow by more than 10 percent compared to 36 percent in 2023.

Continue reading →

Zero trust is no longer a 'nice to have' for cybersecurity leaders. As organizations embrace hybrid and remote workforces, the volume of cyberattacks and data breaches involving unauthorized access to networks, applications and systems has surged.

In response, cybersecurity leaders are striving to adopt a zero trust approach to security to reduce the risk of data breaches, ransomware and insider threats. However, the success of these efforts are being undermined by a variety of factors.

Continue reading →

The U.S. Securities and Exchange Commission (SEC) regulations requiring reporting of a material cybersecurity breach within four days have taken effect. As we progress through 2024, CISOs are going to face the harsh reality of needing to consistently demonstrate and attest to the fidelity of their cybersecurity program.

The outdated method of “buying every tool to protect every vulnerability” will simply fail. Without a clear vision of your threat exposure, security teams will be left feeling overwhelmed with the specific task of addressing known risks, often leading to a game of cybersecurity whack-a-mole -- addressing risk after risk with no real light at the end of the tunnel in sight.

Continue reading →

A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities of applications developed in-house.

The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.

Continue reading →

The relationship between an organization's chief information officer (CIO) and chief information security officer (CISO) has traditionally been somewhat at odds, since CIO's job is built around sharing information and the CISO's job is to secure it. Plus, the CIO was normally higher in the organizational hierarchy, which could also cause some tension.

But the relationship has evolved in recent years, to the point where the two positions are often more on par with each other. And with security's growing importance to the business (and the boardroom), the two jobs often share the same goals and responsibilities.

Continue reading →

A new report from IANS Research and recruitment firm Artico Search shows that although 64 percent of CISOs say they are satisfied in their job, 75 percent are open to a change.

More than 660 chief information security officers (CISOs) provided data for the report. Additionally, research team members held conversations with over 100 CISOs to better understand the challenges they face today and the future opportunities.

Continue reading →