A recent global survey conducted by Salt Security has revealed that the rapid shift towards a digital-first economy has introduced unforeseen risks for nearly 90% of Chief Information Security Officers (CISOs). The survey, titled “State of the CISO 2023,” gathered feedback from 300 CISOs and Chief Security Officers (CSOs) worldwide, shedding light on the significant challenges they face in managing cybersecurity in the era of digital transformation and enterprise digitalisation.
One of the key areas of concern highlighted in the survey is the increasing importance and risks associated with Application Programming Interfaces (APIs). According to the findings, 77% of CISOs consider APIs a higher priority today than two years ago. The adoption of APIs was identified as the second highest security control gap, following supply chain and third-party vendors, which are essential components of organisations’ digital initiatives.
Roey Eliyahu, CEO and co-founder of Salt Security, emphasised the importance of prioritising API security in today’s digital landscape. He stated, “APIs are the building blocks of every digital service, and a significant amount of risk has shifted towards them. These findings reinforce that organisations must prioritise assessing their API security strategy to ensure they are solving today’s risk and not yesterday’s risk.”
The survey also highlighted the top challenges that CISOs face in navigating the digital-first economy. Interestingly, these challenges were found to be nearly equally concerning for CISOs, requiring them to address multiple issues simultaneously. The challenges cited include a lack of qualified cybersecurity talent to address new needs, inadequate adoption of software, the complexity of distributed technology environments, increased compliance and regulatory requirements, difficulties justifying the cost of security investments, and obtaining stakeholder support for security initiatives.
In addition to these challenges, CISOs also expressed concerns about supply chain and API security control gaps resulting from digital initiatives. Two-thirds of the surveyed CISOs stated that they have more new digital services to secure compared to 2021, with 89% highlighting the unforeseen security risks associated with the rapid introduction of digital services. Alongside supply chain and third-party vendors, API adoption and cloud adoption were identified as the top security control gaps in organisations’ digital initiatives.
The report aligns with a previous study conducted by Salt Security earlier this year, which revealed a 400% increase in cyber attackers targeting APIs. This increase further highlights the urgent need for robust API security measures.
The survey also examined the impact of global trends on the role of CISOs. The majority of CISOs reported feeling the impact of various global trends, with the speed of Artificial Intelligence (AI) adoption being the most significant. Other trends cited include macro-economic uncertainty, the geo/political climate, and layoffs. The findings highlight the evolving nature of AI attacks and the growing sophistication of cyber threats, placing heavy burdens on today’s CISOs and their security teams.
On a personal level, the digital-first economy has brought about several challenges for CISOs. The survey revealed concerns over personal litigation stemming from breaches, increased personal risk and liability, expanded responsibilities with limited time to fulfil them, increased job-related stress, and the management of larger teams. Notably, almost 50% of CISOs expressed worries about personal litigation, highlighting the fear of being held personally liable in the event of a breach and the potential impact on their livelihoods.
Despite these challenges, the survey also uncovered positive findings regarding the boards of directors’ awareness and knowledge of cybersecurity issues. An overwhelming 96% of CISOs reported that their boards were knowledgeable or very knowledgeable about cybersecurity issues. Furthermore, the survey revealed that a significant percentage of CISOs regularly present to their boards on cyber risk mitigation and business exposure, indicating a proactive approach to cybersecurity at the highest level of organisations.
In conclusion, the State of the CISO 2023 report highlights the risks and challenges faced by CISOs in the digital-first economy. The increased importance of APIs, along with supply chain and third-party vendors, has become a critical focus area for CISOs. Additionally, the survey reveals the significant personal concerns and pressures that CISOs experience, such as the threat of litigation and increased liability. However, it is encouraging to see that boards of directors are knowledgeable about cybersecurity issues, indicating a growing awareness and prioritisation of cybersecurity at the strategic level. Moving forward, organisations must address these challenges and prioritise robust API security strategies to protect against evolving cyber threats in the digital era.

