A recent report by ClubCISO and Telstra Purple has revealed that despite a challenging economic climate and increased global tensions, cybersecurity incidents and material breaches have significantly decreased. The report surveyed Chief Information Security Officers (CISOs) and found that 76% of respondents reported no material breaches, while 60% stated that no material cybersecurity incidents occurred in the past year.
The apparent success of security teams in preventing breaches is particularly intriguing considering that CISOs rated their organization’s overall security posture lower than the previous year. Last year, 46% of respondents rated themselves as above average in terms of security, but this year only 38% gave themselves the same rating. Additionally, more than 13% of CISOs expressed a lack of confidence in their organization’s ability to meet key security objectives, a result that remained unchanged from the previous year.
While the decline in material breaches and incidents does not directly correspond to the overall security posture ratings, it may be partially explained by the positive cultural changes observed by CISOs. A whopping 80% of respondents believed that their organization’s security culture had improved to some extent in the past year. When asked about the most influential factors contributing to these cultural improvements, 60% cited leadership endorsement as a major influence. Other factors such as proactive ‘report it’ no-blame policies, simulated phishing, and tailored training also played a significant role, although they scored lower compared to the previous year, indicating their integration as established practices in security culture.
Jessica Barker, an Advisory Board Member, commented on the findings stating, “Our findings this year acknowledge the crucial role that leadership endorsement plays in security culture.” She also emphasized that without support from the top management, building a healthy security culture would always be more challenging. The report revealed a significant increase in alignment between security teams and executive teams, with 67% of CISOs reporting stronger alignment compared to 59% the previous year. Similarly, alignment with the board increased from 49% in 2022 to 54% in the current year.
The survey also addressed the issue of cybersecurity insurance in response to the heightened threat landscape. It was found that 72% of respondents now have cybersecurity insurance, showing a growing recognition of its importance. However, 15% of the participants expressed a lack of belief in the benefits of insurance and therefore did not opt for it.
Rob Robinson, Head of Telstra Purple EMEA, highlighted the significance of the findings, stating, “The results from the members survey reinforce what we’ve been seeing in the market for some time now – security strategies need to be built around people to be truly effective.” He attributed the decline in material breaches to the people and cultural improvements observed, noting that 80% of CISOs reported positive developments in their organization’s security culture.
Furthermore, Robinson underscored the critical role of leadership endorsement in establishing an effective security posture, commending the progress made by CISOs at the highest levels of business. He emphasized that strong security is now recognized as a key corporate capability, largely due to the voice that CISOs have developed at the C-level.
In conclusion, the report by ClubCISO and Telstra Purple provides valuable insights into the state of cybersecurity in organizations. It highlights the decrease in material breaches and incidents, despite a perception of lower overall security posture. The findings also emphasize the importance of leadership endorsement and cultural improvements in building a robust security culture. With cybersecurity becoming increasingly vital in today’s digital landscape, organizations must continue to prioritize and invest in these areas to safeguard their valuable assets.