LevelBlue released the LevelBlue Accelerator: C-Suite Cyber Resilience Responsibilities, an analysis of C-level executives who are responsible for cyber resilience within their organizations.
The Accelerator is an in-depth look into data from the 2024 LevelBlue Futures Report,
analyzing the dynamics among C-suite executives to better understand
issues that prevent risk reduction, stall or complicate compliance, and
create barriers to cyber resilience. Top findings include:
CISOs Pressured with AI, Cybersecurity Risk Tradeoffs, and Budget
While CISOs are often responsible for technology implementation, they
are not getting the support they need at a strategic level. The
Accelerator found that 73% of CISOs expressed concern over cybersecurity
becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58%
of both CIOs and CTOs. Additionally, 73% of CISOs feel more pressure to
implement AI strategies versus just 58% of CIOs and CTOs. These
pressures pair with the fact that 66% of CISOs believe reactive budgets
cause a lack of proactive cybersecurity measures, compared to 55% of
CIOs and 53% of CTOs.
C-Suite Alignment Could Clarify Cybersecurity Priorities
CISOs expressed more concern about cybersecurity's operational and
strategic challenges. The missing component is alignment among the
different interests represented by the other roles: CTOs were concerned
with the impact of compliance on innovation and competitiveness,
aligning with their focus on technology development. Conversely, CIOs
balance broader strategic perspectives, encompassing risk management,
compliance, and adopting new technologies.
Given their roles, it is not surprising that most CIOs (92%) are more inclined
to embrace uncertainty concerning cyber threats, compared to 81% of CTOs
and 75% of CISOs. These differences in tolerance are important to
discuss when creating a cybersecurity strategy that considers business
priorities.
"Understanding the C-suite's business priorities is critical for shaping
effective cybersecurity strategies," said Theresa Lanowitz, Chief
Evangelist of LevelBlue. "Identifying how these essential roles look at
the business helps to ensure alignment among CIOs, CTOs, and CISOs, as
well as the teams that report into them. It's a key first step towards
bolstering cyber defenses, especially with the CEO and Board support."
Additional findings:
- CTOs view compliance as an obstacle to innovation. 73% of CTOs
  (compared to 55% CIOs and 61% CISOs) are concerned about regulations
  hindering competitiveness and are more likely to perceive compliance as
  an obstacle to innovation.
- The supply chain has hidden risks, and the importance of those risks varies.
  Nearly three in four CIOs (74%) and CISOs (73%) find it challenging to
  assess the cybersecurity risk from their supply chain, compared to only
  64% of CTOs.
- C-Suite alignment on cloud computing supports cybersecurity resilience. There
  was little difference in the perception of cloud computing's ability to
  provide cybersecurity resilience among CIOs, CTOs, and CISOs, with 83%,
  82%, and 80%, respectively, acknowledging its benefits. This consensus
  indicates a shared recognition among these executive roles of cloud
  solutions' value in enhancing cybersecurity.
The LevelBlue Accelerator provides best practices for improving cyber
resilience for CIOs, CTOs, and CISOs, offering an actionable roadmap
tailored to these executives. A full copy of the LevelBlue Accelerator:
C-Suite Cyber Resilience Responsibilities can be downloaded here. This study follows the release of the 2024 LevelBlue Futures Report, which can be found here.