A few months ago we had the privilege of welcoming 130 esteemed CISOs from prominent enterprises worldwide to the vibrant city of Tel Aviv for Team8’s CISO Village Summit. It was an incredible gathering of top cybersecurity leaders, fostering collaboration and knowledge sharing, and thought-provoking discussions on the ever-evolving challenges in the cybersecurity landscape and the innovative solutions and technologies needed to tackle them.
We are thrilled to publish a new report, which presents valuable insights and key takeaways from a survey we conducted during the summit, and the follow-up discussion held at the summit. The report delves into the emerging trends and challenges in the cybersecurity landscape while shedding light on how CISOs are dealing with budgetary constraints amidst a rapidly evolving threat landscape.
Budget Insights
In the face of economic and geopolitical uncertainties, cybersecurity departments are experiencing budgetary pressures. However, despite predictions suggesting otherwise, most cybersecurity budgets have shown resilience, with 56% of survey respondents reporting budget increases in 2023. This trend aligns with the global projection that cybersecurity spending continues to rise.
Coping with Budget Cuts
While the majority have managed to increase their cybersecurity budgets, around 19% of CISOs surveyed reported budget decreases. Interestingly, larger companies with over 100 cybersecurity employees and budgets exceeding $10 million were more susceptible to budget cuts. To safeguard against such cuts, CISOs must effectively communicate the direct impact of cybersecurity on business outcomes to C-suite executives and the board of directors. We believe that by formalizing strategic planning and benchmarking cybersecurity staff, CISOs can bridge communication gaps and protect their budgets.
Expanding Budget Lines
CISOs are eager to expand budget lines in certain areas, particularly Identity and Access Management (IAM) and Cloud Security solutions. With remote work becoming the norm and cloud adoption on the rise, IAM needs to evolve to support both on-premise and cloud environments. Cloud security solutions, including CSPM (Cloud Security Posture Management), CWPP (Cloud Workload Protection Platform), CIEM (Cloud Infrastructure Entitlement Management), DSPM (Data Security Posture Management) and the emerging category of CDR are also in high demand due to the spike in cloud usage.
Addressing Acute Organizational Problems
The survey highlighted some of the most pressing challenges faced by organizations, including Third-Party Risk Management, AI Security, and Insider Threats. The integration with countless amounts of third-party applications and infrastructure has amplified third-party risks, pushing CISOs to seek more efficient third-party risk management solutions.
As AI adoption increases, new security risks, that are not yet fully understood, emerge. Although GenAI has the potential to assist cyber defenders by focusing attention and intelligence on the attack surface, at the same time, attackers may exploit GenAI to identify vulnerabilities at a faster pace than defenders can effectively respond to. Some concrete examples of AI risks are the amplified risks associated with third-party Saas and the challenge is ensuring that the AI agent/model performs as intended. Additionally, human factors, such as insider threats and human errors, continue to be significant concerns for CISOs, leading to increased interest in insider risk management programs.
Unlocking ROI
One standout topic revolved around uncovering the best Return on Investment (ROI) strategies, tools, projects, and processes that CISOs had experienced in the past year. CISOs emphasized the impact of “cyber janitor” approaches, where cleaning up legacy environments and optimizing virtual machines resulted in enhanced efficiency and security within their departments. Other successful ROI strategies highlighted the importance of team building, training, and embedding security teams within development teams to “shift-left” and proactively address security concerns.
Personal and Professional Resilience
The summit’s theme of “personal and professional resilience” underscores the importance of addressing personal aspects like career development, personal growth, avoiding burnout, and building personal resilience for CISOs. Stress and burnout are significant concerns, and CISOs must focus on maintaining a work-life balance and fostering a positive work environment for their teams.
The Team8’s 2023 CISO Village Survey provided valuable insights into the challenges and opportunities faced by cybersecurity departments. To discover in-depth insights from this exclusive summit, download the full report now.