Majority of CISOs Feel Their Organizations are Unprepared for Cybersecurity Regulations
New study reveals basic security measures, such as multi-factor authentication and strong passwords, are not universally implemented

[Image source: Krishna Prasad/MITSMR Middle East]
The job of a CISO has changed dramatically over the past few years. What used to be a technically minded cybersecurity role has evolved to include a greater emphasis on security strategy and quantifying and mitigating business risk. With compliance regulations adjusting to meet an evolving risk landscape and the cost of a breach growing year on year, executives realize the importance of saving a cybersecurity seat at the table.
About 67% of CISOs report feeling unprepared for the new, stringent compliance regulations, and 52% admit to lacking sufficient knowledge on reporting cyber attacks to the government, according to Onyxia’s Regulations, Reporting and Risk Management: The Voice of the CISO 2024 report.
“As cyber threats escalate and regulations impose heavy penalties for non-compliance, it’s imperative for CISOs to reassess and strengthen their security programs in a data-driven way,” said Sivan Tehila, CEO and Founder of Onyxia. “CISOs must enhance their preparedness, improve security hygiene, and embrace new technologies like AI to better maximize their existing security tools and protect their organizations.”
Additional Key Findings:
Incident Response Plans: Over half (56%) of the surveyed CISOs admit discomfort with their current incident response strategies, indicating a significant need to improve how cyber incidents are handled.
Board Communication: 67% report having difficulties in effectively persuading the C-suite of their security strategies and securing buy-in for their initiatives. Interestingly, only 19% of those who have been a CISO for over five years find it very easy to share their strategy with the executive board, while 40% of less experienced CISOs say the same.
Security Hygiene: Basic security measures, such as multi-factor authentication (MFA) and strong passwords, are not universally implemented. On average, CISOs consider it acceptable for 11% of user accounts to have weak passwords and for 13% to be without MFA, highlighting areas for improvement.
AI Integration: 84% of CISOs currently measure the effectiveness and performance of their security programs with either spreadsheets, analysts, or a combination of the two approaches. Despite a reliance on manual methods, CISOs see potential in AI. Ninety-seven percent (97%) believe AI can enhance risk management, with 54% believing AI capabilities could help them identify gaps and redundancies in security stack coverage and 42% anticipating AI’s role in automating business-level risk reporting.