Panaseer has published a report highlighting the increasingly data-centric role of Chief Information Security Officers (CISOs), including the challenges of collecting and reporting accurate data to the C-Suite.
Key findings include that almost eight in ten CISOs (79%) have been surprised by a security incident that evaded their controls. In addition, 38% of CISOs are unable to evidence remediation of security gaps.
84% of CISOs believe that increasing trust in their data would help them secure more resources, and 54% of security leaders are most concerned about receiving poor-quality data in a new role, followed by budget shortfalls and being scapegoated for breaches.
Concerns over inaccurate data leading to security breaches
The research also contains some interesting insights around the role of AI in security, revealing that 7 in 10 CISOs trust AI to make critical security decisions.
Key priorities identified by survey respondents show that security professionals wish to better understand security posture (39%), understand processes for data collection and analysis (38%) and audit security tooling (37%).
According to Panaseer, the biggest worry of CISOs is inaccurate data on security posture, as business leaders worry about data quality more than about being blamed for breaches. This acknowledges that inaccurate security data can hide points of weakness and result in security resources not being utilised efficiently.
It has become increasingly difficult for security analysts to understand cyberattackers and the threat that they pose based purely on their use of tactics. The desire to gain complete visibility into security controls data was highlighted in Panaseer’s report in the top challenges cited by respondents when starting a new CISO role:
- Getting a true picture of weaknesses in organisational security posture (49%)
- Understanding the threat landscape (45%)
- Getting trusted data to enable strategic decisions (43%)
Understanding where security controls are failing is a critical first step to mitigating cyber risk and making the right decisions, according to Panaseer. The report cites that only 36% of security leaders are totally confident in their security data and use it for all strategic decision making.
The impact of AI
The report also found a concerning gap between respondents’ perception of their security controls and reality. Nearly all (95%) said they are highly or somewhat confident that security controls are working effectively all the time, with 88% declaring that they trust their security data is accurate.
As a result, over half (54%) of security leaders said they are very confident in their ability to use security data to prioritise actions to have the greatest impact on risk reduction.
However, 79% of responding organisations admitted they have been surprised by a security incident that evaded their controls, indicating that data on the status of controls is either inaccurate or not being properly interpreted to improve security posture.
As a result, the vast majority (90%) of security leaders said that improving the accuracy of cybersecurity data is a priority for them in the next 12 months. When asked to consider the impact of AI, 76% are concerned about threat actors using AI to find gaps in their organisations’ security controls.
Panaseer highlights that finding new and more automated ways to collect data should be treated with some urgency by businesses.
The benefits of improving data quality and trust are clear, with 84% of security leaders surveyed believing that increasing trust in their data would help them secure more resources to protect their organisation. Ultimately, Panaseer states that security leaders need a change of mindset: away from using controls data only for reporting, and towards embracing it to drive business decisions and stop problems before they occur.
“The industry needs to change if we are to solve the CISO security controls conundrum, and Continuous Controls Monitoring (CCM) can be the catalyst. It isn't a better reporting tool, it's a way of knowing what to do next – making day-to-day cybersecurity firefighting easier and getting ahead of the game on strategic risk,” says Panaseer Security Evangelist, Marie Wilcox.
“At the moment, many leaders don't know that security controls data can help them do this. It's understanding the value of a big picture view, and single source of truth rather than multiple siloed perspectives.”