CISO Research Reveals 90% of Organizations Suffered At Least One Major Cyber Attack in the Last Year; 83% Report Ransomware Payments

Rhea-AI Summary

New Global Survey Finds 47% of CISOs Report Directly to the CEO and 93% of CISOs Expect an Increase in Their Cybersecurity Budget Over the Next Year

Positive

• CISOs report directly to the CEO in 47% of organizations surveyed
• 93% of CISOs expect an increase in their cybersecurity budget over the next year

Negative

• None.

New Global Survey Finds 47% of CISOs Report Directly to the CEO and 93% of CISOs Expect an Increase in Their Cybersecurity Budget Over the Next Year

SAN FRANCISCO--(BUSINESS WIRE)-- Splunk Inc. (NASDAQ: SPLK), the cybersecurity and observability leader, today released its 2023 CISO Report, a new global research report detailing emerging trends, threats and strategies for today’s Chief Information Security Officers (CISOs), Chief Security Officers (CSOs) and other qualified security leader equivalents.

“The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions,” said Jason Lee, CISO, Splunk. “These relationships provide CISOs the opportunity to become champions who strengthen an organization’s security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defense management and prepare for the future.”

Notably, 86% of surveyed CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic. Thirty-five percent report using generative AI for positive security applications and an additional 61% will likely use it within the next 12 months. Additional key findings from the research include:

CISOs Defend Against the Threat Landscape

• CISOs pay ransomware demands. Ninety percent of respondents reported their organization experienced at least one disruptive cyber attack last year. Numerous industries experienced ransomware attacks that significantly impacted their systems and business operations, including financial services (59%), retail (59%) and healthcare (52%). Eighty-three percent of organizations paid the attackers in the wake of a ransomware attack, and more than half paid at least $100,000. The retail industry is the most likely to pay the ransom, with 95% of respondents reporting they either paid directly, through cyber insurance or a third party.
• CISOs are trying to stay ahead of generative AI. The majority of CISOs (70%) surveyed believe generative AI could give cyber adversaries more opportunities to commit attacks, yet 35% are already experimenting with it for cyber defense including malware analysis, workflow automation and risk scoring. CISOs in healthcare (88%), manufacturing (76%) and financial services (72%) express the most fear that generative AI would give either a strong or slight advantage to cyber adversaries. Fifty-one percent of CISOs in financial services say they planned to implement specific cybersecurity controls to mitigate AI security risks. Ninety-three percent of CISOs have extensively or moderately implemented automation into their processes.
• Reining in tools will close visibility gaps. CISOs overwhelmingly responded that tool sprawl is a major concern, likely compounding existing visibility issues. The vast majority (88%) say they see a need to rein in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat intelligence. CISOs are looking to decrease the number of tools they use and simplify processes with automation.

Organizations Prioritize Cybersecurity

• CISOs are now in the C-Suite. In 47% of organizations surveyed, the CISOs are now reporting directly to the CEO, indicating a closer relationship with the C-Suite and their respective governing boards. Boards of directors are increasingly looking to CISOs to guide cybersecurity strategy, offering an opportunity for CISOs to articulate value and fill in communication gaps. Numerous CISOs across many industries report regular participation in board meetings, including technology (100%), government (100%), communications and media (94%), healthcare (88%) and manufacturing (86%). Ninety percent of CISOs say their governing board cares more about different KPIs and security metrics today than it did two years ago. The top three CISO metrics for success are: results of security testing, the ROI of security investments, and the ability to purchase cyber insurance.
• Boards prioritize security funding. Ninety-three percent of respondent CISOs expect an increase in their cybersecurity budget over the next year, yet 83% see cuts in other parts of their organization. Economic challenges are impacting security with 80% saying they have noticed their organization has faced a growing number of threats coinciding with the declining economy.
• Cross-functional collaboration will be critical for a lasting resilience strategy. Ninety-two percent of respondents report either a significant or moderate increase in cybersecurity collaboration between security teams, IT and engineering organizations, largely driven by initiatives like digital transformation, cloud native development and a greater emphasis on risk management. Seventy-seven percent indicate collaboration with IT and development teams on incident root cause analysis and resolution was good, while 42% said there is still room for improvement. CISOs agree that strategic collaboration will be vital to gain visibility and ensure resilience throughout the organization.

To download the 2023 CISO Report, please visit the Splunk website.

Methodology

The 2023 CISO Report research was conducted through separate quantitative and qualitative surveys from May 2023 through June 2023 in participation with Enterprise Strategy Group. The quantitative survey targeted 350 CISOs, CSOs and other qualified executive security leader equivalents across 10 countries: Australia, Canada, France, Germany, India, Japan, New Zealand, Singapore, the United Kingdom and the United States. The qualitative research targeted 20 CISOs, CSOs and security leaders in 60-minute in-depth phone interviews across Canada, the United Kingdom and the United States. For purposes of the CISO Report, when “CISOs” are referenced, it includes the surveyed CISOs, CSOs and other qualified executive security leader equivalents.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.

Splunk, Splunk>, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2023 Splunk Inc. All rights reserved.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231010932013/en/

Media Contact

Gabrielle Jasinski

Splunk Inc.

press@splunk.com

Investor Contact

Investor Relations

Splunk Inc.

ir@splunk.com

Source: Splunk Inc.

FAQ

What percentage of CISOs report directly to the CEO?

47% of CISOs report directly to the CEO.

What percentage of CISOs expect an increase in their cybersecurity budget?

93% of CISOs expect an increase in their cybersecurity budget over the next year.

What are the top three metrics for CISO success?

The top three CISO metrics for success are: results of security testing, the ROI of security investments, and the ability to purchase cyber insurance.

What industries experienced significant ransomware attacks?

Financial services, retail, and healthcare industries experienced significant ransomware attacks.

What percentage of organizations paid ransomware attackers?

83% of organizations paid the attackers in the wake of a ransomware attack.

What is the most likely industry to pay the ransom?

The retail industry is the most likely to pay the ransom, with 95% of respondents reporting they either paid directly, through cyber insurance or a third party.

What is the concern regarding generative AI?

70% of CISOs surveyed believe generative AI could give cyber adversaries more opportunities to commit attacks.

What percentage of CISOs use generative AI for cyber defense?

35% of CISOs report using generative AI for cyber defense applications.

What is the expected increase in cybersecurity budget?

93% of CISOs expect an increase in their cybersecurity budget over the next year.

What is the impact of economic challenges on security?

80% of CISOs say they have noticed their organization has faced a growing number of threats coinciding with the declining economy.