Global enterprises are harnessing new technologies to reinvent their operations and conquer new horizons. This, however, is reshaping the roles of CISOs and senior security leaders as they try to navigate the evolving challenges arising from the rapid adoption of these disruptive technologies. Wipro’s State of Cybersecurity Report 2023 (SOCR) offers crucial insights into the latest trends and the proactive steps CISOs are taking to navigate this dynamic landscape.
Latest cybersecurity trends CISOs must know
The Wipro SOCR 2023 surveyed security leaders from 345 organizations across the US, Europe, Asia Pacific, Middle East and Africa regions and found that:
- Email phishing (81%) and ransomware (79%) remain the top cyber attack methods, but their execution tactics have evolved.
- Advances in generative AI, owing to its widespread adoption, are poised to enhance various types of attacks and to be used both offensively and defensively.
- The most breached sectors were technology (35%), consumer (29%), and health care (17%).
- Advanced PII records were involved in 38% of data breaches, marking a 13% increase from 2020.
- Over 65% of organizations reported downtime exceeding 6 weeks following a ransomware attack, highlighting the challenge of system restoration.
- Nearly one-third (29%) of breached organizations (51% of those surveyed) experienced a repeat breach within three years, often unrelated to the initial breach, possibly indicating the work of new threat actors.
- Damage to brand reputation was the primary consequence for 75% of organizations, followed by customer loss (42%), opportunity loss (42%), and regulatory fines (23%).
How modern enterprises embrace cybersecurity
Modern enterprises are evolving their approach to cybersecurity to address investor concerns and meet fiduciary responsibilities, with a focus on regulatory compliance.
Board Oversight – Enterprises are increasingly appointing directors with cybersecurity expertise to enhance board oversight, allowing for more nuanced decision-making in this critical area.
- Currently, 87% of surveyed organizations have established mechanisms for cybersecurity board oversight, with 38% having an independent board-appointed advisor.
- However, only 32% of organizations have a designated board member with cyber risk experience, and merely 17% have formed a dedicated cybersecurity subcommittee.
Increased Reporting – Reporting frequency on cyber risk is increasing, necessitating significant enhancements in reporting systems and processes to ensure information is relevant and easily digestible for boards.
- Approximately 41% of organizations report cyber risk to the board every quarter, while 27% report monthly, and 17% semi-annually. Only 10% report cyber risks annually, and a mere 5% on an ad hoc basis.
CISO Reporting – Aligning cybersecurity within the business management structure promises benefits like improved board accountability, spreading risk-mitigating behavior throughout the organization, and advocating for necessary cybersecurity budgets.
- The reporting structure for CISOs varies, with 54% reporting to CIOs.
- Around 25% report directly to the CEO or through indirect supervisory channels, and 20% report to other C-level executives, such as COOs, CROs, CFOs, and CLOs.
Hiring Cyber Professionals – The cybersecurity talent gap presents a challenge, placing significant pressure on security leadership and HR teams to find new talent.
- The survey finds that technical aptitude is the primary hiring criterion, followed by cybersecurity certifications, and relevant work experience in the field.
Cybersecurity investments: Organizations are willing to spend over 10% of their IT budget
- 32% of surveyed organizations allocate over 10% of their annual IT budget to security, while 22% allocate less than 4%.
- Many organizations face financial challenges that may impact overall IT spending, leading CISOs to focus on advocating security capabilities that can create and expand new revenue streams.
Key Investment Areas:
- 79% emphasize security orchestration and automation as crucial technologies for cost efficiency and scalable defense.
- 71% prioritize Zero Trust networks, a growing standard for authentication in interconnected environments.
- 67% invest in third-party risk management and supply chain security to address multiparty risks in digital transformations.
- Globally, 46% of organizations highlight OT/IoT security as a priority, with a higher emphasis on ENU (56%) and Manufacturing (71%) sectors.
- Over the last decade, organizations have intensified their focus on data privacy due to stringent global privacy regulations.
- Identity has become the new perimeter in cybersecurity. Strategies centered on Identity and Access Management (IAM) are gaining traction.
- 57% prioritize OpEx reduction through IAM-as-a-Service, while 42% aim to generate revenue by modernizing Customer IAM (CIAM) initiatives, aligning IAM strategies with business objectives.
In the face of rapid technological disruption, CISOs must adopt a forward-thinking approach to proactively navigate evolving security landscapes. The prevailing trend sees organizations striving for enhanced security across various domains, from cloud and threat intelligence to application, endpoint, device, and data security, leveraging cutting-edge technologies such as AI/ML, blockchain, quantum computing, 5G, digital twin, and IoT. This strategic alignment empowers them not only to defend against emerging threats but also to harness the full potential of these innovations for a more secure future.