Majority of CISOs feel unprepared for new compliance regulations

With the enforcement of new regulations such as the SEC’s cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU, organizations are facing a significant challenge, as highlighted by Onyxia Cyber.

The role of a Chief Information Security Officer (CISO) has evolved significantly in recent years, transforming from a technically focused cybersecurity position to one that places a greater emphasis on security strategy and mitigating business risks. With compliance regulations becoming more stringent and the financial implications of data breaches increasing annually, company executives are recognizing the critical need for cybersecurity expertise in decision-making processes.

According to a recent survey, 67% of CISOs admit to feeling unprepared for the new compliance regulations, while 52% acknowledge the need for further knowledge on reporting cyber attacks to government agencies. Sivan Tehila, CEO of Onyxia, emphasizes how important it is for CISOs to enhance their security programs in a data-driven manner to address the escalating cyber threats and avoid penalties for non-compliance.

An alarming 56% of surveyed CISOs express discomfort with their current incident response strategies, indicating a pressing need for improvement in handling cyber incidents effectively. As regulatory requirements continue to evolve, many organizations struggle with interpreting terms and defining the thresholds for reporting incidents accurately.

Furthermore, the survey revealed that 67% of CISOs face challenges in persuading the C-suite to endorse their security strategies and initiatives. Interestingly, only 19% of experienced CISOs find it easy to communicate their strategies to the executive board, compared with 40% of less experienced CISOs.

In terms of security measures, CISOs have identified areas for improvement, with an average of 11% of user accounts having weak passwords and 13% lacking multi-factor authentication (MFA). Despite the reliance on manual methods such as spreadsheets and analyst assessments to evaluate security program effectiveness, CISOs recognize the potential of artificial intelligence (AI) in enhancing risk management.

A staggering 97% of CISOs believe that AI can improve risk management practices, with over half expecting AI capabilities to identify gaps and redundancies in security stack coverage. Additionally, 42% anticipate AI’s role in automating business-level risk reporting, indicating a growing interest in leveraging AI technologies to strengthen cybersecurity efforts.

Chris Roberts, Onyxia Cyber’s CISO Advisor, acknowledges the evolving landscape of the cybersecurity industry, emphasizing the importance of aligning business objectives with legal, compliance, regulatory, and accountability considerations. The report offers a comprehensive assessment of the current state of cybersecurity practices and highlights the areas that require further attention and improvement moving forward.
