CISO Research Reveals 90% of Organizations Suffered At Least One Major Cyber Attack in the Last Year; 83% Report Ransomware Payments
October 10 2023 - 8:00AM
Business Wire
New Global Survey Finds 47% of CISOs Report
Directly to the CEO and 93% of CISOs Expect an Increase in Their
Cybersecurity Budget Over the Next Year
Splunk Inc. (NASDAQ: SPLK), the cybersecurity and observability
leader, today released its 2023 CISO Report, a new global research
report detailing emerging trends, threats and strategies for
today’s Chief Information Security Officers (CISOs), Chief Security
Officers (CSOs) and other qualified security leader
equivalents.
“The C-Suite and board of directors are increasingly relying on
CISOs for guidance across a sophisticated threat landscape and
changing market conditions,” said Jason Lee, CISO, Splunk. “These
relationships provide CISOs the opportunity to become champions who
strengthen an organization’s security culture and lead teams to
become more cross-collaborative and resilient. By communicating key
security metrics, CISOs can also guide boards on adopting emerging
technologies, such as generative AI, to help improve cyber defense
management and prepare for the future.”
Notably, 86% of surveyed CISOs believe generative AI will
alleviate skills gaps and talent shortages on the security team,
filling labor-intensive and time-consuming security functions and
freeing up security professionals to be more strategic. Thirty-five
percent report using generative AI for positive security
applications and an additional 61% will likely use it within the
next 12 months. Additional key findings from the research
include:
CISOs Defend Against the Threat Landscape
- CISOs pay ransomware demands. Ninety percent of
respondents reported their organization experienced at least one
disruptive cyber attack last year. Numerous industries experienced
ransomware attacks that significantly impacted their systems and
business operations, including financial services (59%), retail
(59%) and healthcare (52%). Eighty-three percent of organizations
paid the attackers in the wake of a ransomware attack, and more
than half paid at least $100,000. The retail industry is the most
likely to pay the ransom, with 95% of respondents reporting they
either paid directly, through cyber insurance or a third
party.
- CISOs are trying to stay ahead of generative AI. The
majority of CISOs (70%) surveyed believe generative AI could give
cyber adversaries more opportunities to commit attacks, yet 35% are
already experimenting with it for cyber defense including malware
analysis, workflow automation and risk scoring. CISOs in healthcare
(88%), manufacturing (76%) and financial services (72%) express the
most fear that generative AI would give either a strong or slight
advantage to cyber adversaries. Fifty-one percent of CISOs in
financial services say they planned to implement specific
cybersecurity controls to mitigate AI security risks. Ninety-three
percent of CISOs have extensively or moderately implemented
automation into their processes.
- Reining in tools will close visibility gaps. CISOs
overwhelmingly responded that tool sprawl is a major concern,
likely compounding existing visibility issues. The vast majority
(88%) say they see a need to rein in security analysis and
operations tools with solutions like security orchestration,
automation and response (SOAR), security information and event
management (SIEM) and threat intelligence. CISOs are looking to
decrease the number of tools they use and simplify processes with
automation.
Organizations Prioritize Cybersecurity
- CISOs are now in the C-Suite. In 47% of organizations
surveyed, the CISOs are now reporting directly to the CEO,
indicating a closer relationship with the C-Suite and their
respective governing boards. Boards of directors are increasingly
looking to CISOs to guide cybersecurity strategy, offering an
opportunity for CISOs to articulate value and fill in communication
gaps. Numerous CISOs across many industries report regular
participation in board meetings, including technology (100%),
government (100%), communications and media (94%), healthcare (88%)
and manufacturing (86%). Ninety percent of CISOs say their
governing board cares more about different KPIs and security
metrics today than it did two years ago. The top three CISO metrics
for success are: results of security testing, the ROI of security
investments, and the ability to purchase cyber insurance.
- Boards prioritize security funding. Ninety-three percent
of respondent CISOs expect an increase in their cybersecurity
budget over the next year, yet 83% see cuts in other parts of their
organization. Economic challenges are impacting security with 80%
saying they have noticed their organization has faced a growing
number of threats coinciding with the declining economy.
- Cross-functional collaboration will be critical for a
lasting resilience strategy. Ninety-two percent of respondents
report either a significant or moderate increase in cybersecurity
collaboration between security teams, IT and engineering
organizations, largely driven by initiatives like digital
transformation, cloud native development and a greater emphasis on
risk management. Seventy-seven percent indicate collaboration with
IT and development teams on incident root cause analysis and
resolution was good, while 42% said there is still room for
improvement. CISOs agree that strategic collaboration will be vital
to gain visibility and ensure resilience throughout the
organization.
To download the 2023 CISO Report, please visit the Splunk
website.
Methodology
The 2023 CISO Report research was conducted through separate
quantitative and qualitative surveys from May 2023 through June
2023 in participation with Enterprise Strategy Group. The
quantitative survey targeted 350 CISOs, CSOs and other qualified
executive security leader equivalents across 10 countries:
Australia, Canada, France, Germany, India, Japan, New Zealand,
Singapore, the United Kingdom and the United States. The
qualitative research targeted 20 CISOs, CSOs and security leaders
in 60-minute in-depth phone interviews across Canada, the United
Kingdom and the United States. For purposes of the CISO Report,
when “CISOs” are referenced, it includes the surveyed CISOs, CSOs
and other qualified executive security leader equivalents.
About Splunk Inc.
Splunk Inc. (NASDAQ: SPLK) helps build a safer and more
resilient digital world. Organizations trust Splunk to prevent
security, infrastructure and application issues from becoming major
incidents, absorb shocks from digital disruptions, and accelerate
digital transformation.
Splunk, Splunk>, and Turn Data Into Doing are trademarks and
registered trademarks of Splunk Inc. in the United States and other
countries. All other brand names, product names, or trademarks
belong to their respective owners. © 2023 Splunk Inc. All rights
reserved.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20231010932013/en/
Media Contact Gabrielle Jasinski Splunk Inc.
press@splunk.com
Investor Contact Investor Relations Splunk Inc.
ir@splunk.com
Splunk (NASDAQ:SPLK)
Historical Stock Chart
From May 2024 to Jun 2024
Splunk (NASDAQ:SPLK)
Historical Stock Chart
From Jun 2023 to Jun 2024