Cybercriminals have more tools than ever to disrupt business operations, steal data for ransom, and manipulate employees into exposing sensitive information. Generative AI (GenAI) is taking those capabilities to new levels by enhancing phishing attacks and enabling audio and video deepfakes.
Security professionals are also facing new pressures from chief executives and corporate boards who increasingly understand the legal, financial, and reputational risks cyber threats pose to businesses.
To find out how these and other developments are shaping the day-to-day experience of cybersecurity professionals worldwide, Trend conducted its inaugural Risk to Resilience World Tour Survey. We surveyed more than 750 cybersecurity professionals in 49 countries, with a focus on four key roles:
- Chief information security officer (CISO)
- Security operations center (SOC) team
- IT operations staff
- Cloud security engineers
This blog explores our findings from CISO respondents. Check out the full report, The Defenders, to read about the other roles.
CISOs in the spotlight
The focus is on CISOs as cyber threats become increasingly prominent in corporate risk management discussions. Security leaders are expected to have the right answers regardless of whether the topic is AI, cloud, hybrid work, or any other facet of the IT environment—and they need more resources to meet this challenge.
Spending proves cybersecurity is a priority
Most CISOs (61%) say their budgets for 2024 were higher than in the previous year. This suggests the long-held view of cybersecurity as a cost center is giving way to recognition of its central importance to business operations.
Even so, 25% of CISOs cite limited budget as a top challenge when it comes to retaining and hiring cybersecurity talent—second only to skills and knowledge shortages (30%). More money for hiring might help, but there’s no guarantee that the required skills and knowledge are readily available. Instead, CISOs may be able to close gaps by integrating AI into their strategies, using it to lift the burden from their existing teams so they can do more, and do it more efficiently.
Not always on the same page
The general CISO consensus is that corporate directors have a decent understanding of cyber risks and challenges. On a scale of one to five, 89% of CISOs rated their board’s understanding at three or higher, with 24% giving the board a five. When asked what aspects of communication with the board they find most challenging, their top answer (23%) was “communicating strategy or risk,” followed by justifying spending on security tools and staffing (17%).
These findings suggest that, at the board level, understanding risks doesn’t always translate into knowledge of how to mitigate them. In a separate global survey of 2,600 IT leaders, 80% of respondents told Trend that their boards would only be spurred to act decisively on business risk if the organization suffered a major breach or financial loss. According to IBM’s Cost of a Data Breach Report 2024, the average cost of such losses continues to climb—up 10% year over year by February 2024 to US $4.88 million—underscoring the importance of proactive risk management.
Ongoing engagement and correlated data will be the keys that enable CISOs to deliver crucial information to their boards. Unified platforms that consolidate telemetry, information, and insights, along with emerging technologies like next-generation security information and event management (NGSIEM), help to support both.
The paths to managing cyber risk are converging
CISOs and security teams battle with resource constraints. IT operations seek greater integration. Cloud security engineers strive for expanded visibility. All of these needs can be addressed with the AI-powered automation, contextualized data, and integration of a platform-based approach to cybersecurity.
Consolidating security within a single platform that can integrate third-party toolsets gives security leaders what they need with more flexibility, greater efficiency, minimized sprawl, and reduced total cost of ownership.
This approach meets security teams where they’re at and respects the investments organizations have made to date, while transforming working models to drive strong user experience and security outcomes. Rich telemetry is more readily available, empowering teams to make more proactive and effective risk remediation decisions.
Trend Vision One™ delivers the benefits of a platform approach with comprehensive protection, prevention, detection, and response capabilities—all powered by AI and leading threat research and intelligence. It supports diverse hybrid IT environments, automates and orchestrates workflows, and delivers expert cybersecurity services to simplify and converge security operations holistically—all while measuring and communicating overall risk management and performance to stakeholders.