LevelBlue: CISOs challenged by cyber tradeoffs, AI implementation, and reactive budgets

Aug. 7, 2024
New research reveals C-level executive dynamics among CIOs, CTOs, and CISOs create barriers to achieving cyber resilience.

LevelBlue today released the LevelBlue Accelerator: C-Suite Cyber Resilience Responsibilities, an analysis of C-level executives who are responsible for cyber resilience within their organizations.

The Accelerator is an in-depth look into data from the 2024 LevelBlue Futures Report, analyzing the dynamics among C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience. Top findings include:

CISOs Pressured with AI, Cybersecurity Risk Tradeoffs, and Budget

While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.

Additionally, 73% of CISOs feel more pressure to implement AI strategies, versus just 58% of CIOs and CTOs. These pressures pair with the fact that 66% of CISOs believe reactive budgets cause a lack of proactive cybersecurity measures, compared to 55% of CIOs and 53% of CTOs.

C-Suite Alignment Could Clarify Cybersecurity Priorities

CISOs expressed more concern about cybersecurity's operational and strategic challenges. The missing component is alignment among the different interests represented by the other roles: CTOs were concerned with the impact of compliance on innovation and competitiveness, aligning with their focus on technology development. Conversely, CIOs balance broader strategic perspectives, encompassing risk management, compliance, and adopting new technologies.

Based on roles, it is not surprising most CIOs (92%) are more inclined to embrace uncertainty concerning cyber threats, compared to 81% of CTOs and 75% of CISOs. These differences in tolerance are important to discuss when creating a cybersecurity strategy that considers business priorities.

“Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies,” said Theresa Lanowitz, Chief Evangelist of LevelBlue. “Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.”

Additional findings:

  • CTOs view compliance as an obstacle to innovation. 73% of CTOs (compared to 55% CIOs and 61% CISOs) are concerned about regulations hindering competitiveness and are more likely to perceive compliance as an obstacle to innovation.
  • The supply chain has hidden risks, and the importance of those risks varies. Nearly three in four CIOs (74%) and CISOs (73%) find it challenging to assess the cybersecurity risk from their supply chain, compared to only 64% of CTOs.
  • C-Suite alignment on cloud computing supports cybersecurity resilience. There was little difference in the perception of cloud computing's ability to provide cybersecurity resilience among CIOs, CTOs, and CISOs, with 83%, 82%, and 80%, respectively, acknowledging its benefits. This consensus indicates a shared recognition among these executive roles of cloud solutions' value in enhancing cybersecurity.

The LevelBlue Accelerator provides best practices for improving cyber resilience for CIOs, CTOs, and CISOs, offering an actionable roadmap tailored to these executives. A full copy of the LevelBlue Accelerator: C-Suite Cyber Resilience Responsibilities can be downloaded here. This study follows the release of the 2024 LevelBlue Futures Report, which can be found here.

For more information on LevelBlue’s managed security, consulting, and threat intelligence services, please visit www.levelblue.com.