Having a lack of influence in the boardroom is one reason why 84% of CISOs in North America believe there is no way to avoid a cybersecurity breach, according to a new report from Kaspersky Lab.
Results from the report What It Takes to Be a CISO: Success and Leadership in Corporate IT Security, an annual survey conducted by PAC on behalf of Kaspersky Lab, revealed that the job of the CISO is made increasingly more difficult because cyber-threats continue to rise while organizations embark upon their digital transformation journeys. Of the 250 IT decision makers who participated in the survey, 57% said that the complexity of cloud and mobility infrastructures are their top challenges.
The second-greatest challenge was not far behind, with 54% citing managing personal data and sensitive information as a primary problem. The third-ranked top challenge reported by 50% of respondents was the continued rise in cyber-attacks.
When it comes to the threats themselves, financially motivated criminal gangs are viewed as the greatest IT security risk by 40% of respondents, while 29% are concerned about malicious insider threats, particularly as CISOs see these threats as extremely difficult to prevent.
Because they lack influence in the boardroom, CISOs reported that justifying the budgets needed to effectively protect the organization is difficult. Though the pressure to defend against cyber-threats continues to mount, CISOs are faced with significant budget challenges because they can’t guarantee a clear return on investment (ROI), the report said. As a result, 36% of CISOs are unable to secure the IT security budgets they need because they can’t promise that the spend will deliver 100% protection against cyber-attacks.
“Historically, cybersecurity budgets were perceived as a low-priority IT spend, but this is no longer the case,” said Maxim Frolov, vice president of global sales at Kaspersky Lab, in a press release.
“Today, cybersecurity risks are top of the agenda for CEOs, CFOs and risk officers. In fact, a cybersecurity budget is not just a way to prevent breaches and the disastrous risks associated with them – it’s a way to protect business continuity, as well as a company’s core profile investments.”