Trellix has released its latest report, The Mind of the CISO. The research is the result of a survey of global Chief Information Security Officers (CISOs) across every major industry and reveals how they work amidst a tumultuous threat landscape, which business functions hold them back and what they need to be successful.
“Our research shows CISOs are motivated by a mission to protect. Yet, CISOs still feel unsupported, unheard and invisible,” said Bryan Palma, CEO of Trellix. “I’ve been a CISO, it can be the loneliest position in tech. However, now is the time, with AI in the hands of both good and bad actors, to revolutionise SecOps strategies and fight back against criminals. We need to empower our CISOs to win every time.”
The research revealed key pain points CISOs experience, including:
- Not enough support. The majority (96%) struggle to get support from the executive board for the resources needed to maintain cybersecurity strength. Nearly half think their jobs would be easier if all employees across the entire business were better aware of the challenges of cybersecurity. In addition, one-third of CISOs cite a lack of skilled talent on their team as a primary challenge.
- The pressure is high. Over three-quarters (86%) have managed a major cybersecurity incident once and, for four in 10, more than once. Overwhelmingly, 72% of respondents feel fully or mostly accountable for the incidents and 43% experienced major attrition from the security operations team as a direct result.
- Working with too many of the wrong solutions. With organisations reporting using an average of 25 individual security solutions, 30% say a top hurdle is having too many pieces of technology without a sole source of truth. CISOs can find the number of security solutions available to them overwhelming, unnecessary and challenging.
- The right solutions would make a difference. Nearly all (94%) agree that having the right tools in place would save them considerable time. Just under half (44%) want access to a single integrated enterprise tool to optimise security investments.
“We get tool exhaustion at some places where money is just thrown at tools and they’re only using a quarter of it,” commented an anonymous CISO in the US public sector. “So having a unified security tool, that’s been built and understood by security people and CISOs and analysts and engineers, that understand their day-to-day work and activities when it comes to certain things, is I think, something that’s missing.”