Ransomware is still rampant, with industries like financial services (59%), retail (59%) and healthcare (52%) experiencing attacks that significantly impacted their systems and business operations last year.
Of those that were hit with ransomware attacks, 83% paid the attackers and half paid at least US$100,000. Retailers were most likely to pay the ransom and they did so directly, through cyber insurance or a third party.
These were among the findings from the 2023 CISO Report by Splunk, a cybersecurity and observability solutions provider. Chief information security officers (CISOs) and other security leaders across 10 countries globally, including Singapore, were surveyed from May 2023 to June 2023 for the report.
Respondents highlighted tool sprawl and generative AI as some of their current major concerns.
The majority (88%) see a need to rein in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM), and threat intelligence. They are also looking to simplify processes with automation.
As for generative AI, 70% believe the technology could present cyber attackers with more opportunities to launch attacks. Yet, 35% are in the midst of experimenting with generative AI for cyber defence, including for malware analysis, workflow automation and risk scoring. Eighty-six per cent of the surveyed CISOs also believe generative AI will alleviate the talent shortage in security teams by taking on labour-intensive and time-consuming security tasks to free up security professionals for more strategic work.
Besides that, the report found that organisations across industries are prioritising cybersecurity. Almost all (93%) of the respondents expect an increase in their cybersecurity budget over the next year. CISOs are also now reporting directly to the CEO (47%), and many are participating regularly in board meetings.
Moreover, 90% of CISOs say their governing board cares more about different KPIs and security metrics today than it did two years ago. The top three CISO metrics include results of security testing, ROI of security investments, and the ability to purchase cyber insurance.
"The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions. These relationships provide CISOs the opportunity to become champions who strengthen an organisation's security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defence management and prepare for the future," says Jason Lee, Splunk's CISO.