CEOs and CISOs disagree on cyber strategies
There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint.
The global survey of 200 CEOs and CISOs from across industries including healthcare, finance and retail, among others, uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, including the lack of an ongoing cybersecurity strategy for less than half of all CEO respondents.
The research also identified disparities between geographic regions on data protection as well as a digital transformation dichotomy battle between increased risk and increased technology capability.
Key findings
- Most leaders (76%) are losing sleep over the prospect of becoming the next headline-grabbing security breach
- This is despite a high percentage (87%) believing that their security team is consistently ahead of cybersecurity threats
- This disparity is compounded by a belief that senior leadership is cyber-aware and data-literate (89%) and focused on cybersecurity as a top organizational priority (93%)
- Cybersecurity strategies are seen by 85% of executives as a major driver for digital transformation, yet 66% recognize the increased organizational exposure to cyber threats because of digitization
- Only 46% of leaders regularly review their cybersecurity strategies
“When more than 89% of leaders believe their teams are more cyber-aware than ever, it’s not surprising to hear executives are losing sleep over their cybersecurity posture today because they know the stakes to their business are so high,” said Nicolas Fischbach, Global CTO of Forcepoint. “At a time when cybersecurity is more strategic to business growth than ever before, it is time senior business and security leaders reassess their cybersecurity strategy to one that enables them to move left of breach.
Disparities between CEOs, CISOs and global geographies
The research spotlights the disparity in how enterprises across global geographies prioritize key elements of security. Protecting customer data is a resounding priority for leaders in the US (62%) and Europe (64%), while in Asia 61% of leaders will prioritize protecting organizational IP over customer data.
Factors influencing these results may be due in part to differing regulatory approaches to data and privacy protection as well as recent legislative decisions in the U.S. and Europe, such as GDPR and CCPA.
There is also a clear divide between CEOs and CISOs in how they identify the right cybersecurity path forward for their business. CEOs prefer to be proactive and risk-focused (58%), prioritizing maintenance of business stability above all.
While more than half of CISOs (54%) embrace a more reactive, incident-driven approach to mitigating today’s dynamic cybersecurity threat landscape.
The research also found that, despite claiming vendor fatigue, enterprises use more than 50 security vendors on average with 62% reporting they want even more.
However, as more enterprises begin to embrace the cost savings and benefits of converged networking and security capabilities found in the emerging Secure Access Service Edge (SASE) security architecture approach the need for dozens of security vendors will abate over time.
Fischbach continued, “Companies leading on the cybersecurity front today are realistic about the risks they face and are prepared to prioritize security to protect the lifeblood of their business – which is customer data and organizational IP. And with today’s new way of working, getting this right within a remote work reality has never been more critical.
“Now is the time for all business and security leaders to recognize the business continuity actions they take now will determine whether they simply survive or thrive in today’s new business reality.”