Eighty-four percent of CISOs in North America believe cybersecurity breaches are inevitable, and a lack of influence in the boardroom is making it difficult to justify the necessary cybersecurity budgets, according to a survey of 250 IT decision-makers by Kaspersky Lab.
The report found that CISOs believe financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest IT security threats to their business today. In addition, the rise of cyber threats in the midst of a digital transformation is making the CISO role increasingly critical; 57 percent of CISOs consider complex infrastructures involving cloud and mobility to be their top challenge, followed by managing personal data and sensitive information (54 percent) and worrying about the continuing increase of cyberattacks (50 percent).
As pressure on CISOs continues to climb, budgets are growing as well. More than half of CISOs expect their budgets to increase in the future. However, as CISOs cannot often offer a clear ROI or a guarantee of protection from cyberattacks, it’s difficult for more than one-third of CISOs surveyed to secure their required IT budgets. Many CISOs, whose cybersecurity budget is wrapped into overall IT spend, are seeing their security funding prioritized for digital, cloud or other IT projects with clearer ROI potential.
According to Kaspersky Lab cybersecurity expert Andrey Pozhogin: “There is an opportunity for CISOs to increase their influence and leadership within an organization, and ensure their views are aligned with those of the executive team. Working with different lines of business on various projects can help them be seen as more of an authority figure. Increased normal interaction between IT security and the different lines of business can strengthen collaboration and prove their need to be involved in strategic decisions,” he told Channel Partners.
“The issue is that CISOs at the executive level are only typical in enterprises that are highly digital, highly sensitive or very large – and in North America, only 40 percent of cybersecurity managers are part of the C-suite,” Pozhogin adds. “As cybersecurity budgets are expected to grow – with 45 percent of enterprises planning to raise budgets in the next financial year – CISOs will need to become a more influential member of the leadership team in the future. It will be important that their presence is known and they are seen at C-suite security leaders in the business.”