A review from Ernst & Young LLP analyzed the latest threat environment and a connect within the . The study found that 66 % of CISOs say they are worried that the cybersecurity threats their organization is facing are more advanced than their defenses, which is significantly more than their C-suite counterparts ( 56 % ).
Comparing the actions of to their C-suite rivals reveals worrying split. For example, are more likely than the rest of the C-suite to express concern about senior leaders at their organization underestimating the dangers of cybersecurity threats ( 68 % vs. 57 % ), highlighting a lingering vulnerability due to a lack of understanding by C-suites of the downside risks.
The study also found a divide between CISOs and the rest of the C-suite on the nature of security incidents and the threat actors concerned. CISOs ( 57 % ) are more likely than the rest of the C-suite ( 47 % ) to say their organization has experienced a cybersecurity incident due to cybercriminals in the past three years. Conversely, more CISOs ( 47 % ) say their organization has experienced a cybersecurity incident due to inside threats ( i. electronic. , employees intentionally stealing or leaking private information ) in the past three years, compared to the rest of the C-suite ( 31 % ). This gap in understanding about the ancient source of situations is difficult for building defenses against future threats.
Another concerning disconnect is that CISOs are the most likely to attribute decreased cyber incidents to investment in artificial intelligence ( AI ). In fact, 75 % of CISOs say their organization experienced a decrease in cybersecurity incidents following increased investment in AI, compared to the rest of the C-suite ( 68 % ). By contrast, the rest of the C-suite ( 77 % ) is more likely than CISOs ( 69 % ) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.
While 21 % of C-suite leaders say their organization currently invests more than 10 % of their IT budget ( which cybersecurity falls under ) in cybersecurity, this number is expected to roughly double to 38 % next year.
.