Chief information security officers (CISOs) are struggling to manage cybersecurity effectively due to a lack of strategic support from other C-suite executives, according to a LevelBlue survey of 1,050 C-suite and senior executives.
Nearly three-quarters (73%) of CISOs surveyed expressed concerns over cybersecurity becoming unmanageable, necessitating risky tradeoffs, a sentiment shared by only 58% of chief information officers (CIOs) and chief technology officers (CTOs).
Additionally, CISOs are feeling heightened pressure to implement AI strategies, with 73% reporting this stress compared to just 58% of their CIO and CTO counterparts.
CISOs are particularly concerned about the operational challenges and resource constraints that accompany AI integration into cybersecurity frameworks.
“They must navigate tradeoffs between leveraging AI’s capabilities, such as its ability to analyze large volumes of data for potential threats, or its speed in identifying and responding to security incidents,” explained LevelBlue chief evangelist Theresa Lanowitz.
She added the CISO must also ensure it does not inadvertently expose the organization to new vulnerabilities or regulatory compliance risks.
This strain is compounded by the fact that 66% of CISOs believe reactive budgeting hampers proactive cybersecurity measures, a view echoed by 55% of CIOs and 53% of CTOs.
CISOs are particularly worried about the operational and strategic challenges of cybersecurity, while CTOs are more focused on how compliance might stifle innovation.
About three-quarters (73%) of CTOs surveyed said they see regulations as a barrier to competitiveness, compared to 55% of CIOs and 61% of CISOs.
Moreover, 74% of CIOs and 73% of CISOs said they find it challenging to assess cybersecurity risks within their supply chains, while only 64% of CTOs share this concern.
However, there appeared to be consensus on cloud computing, with 80% of CIOs, CTOs and CISOs agreeing on its role in enhancing cybersecurity resilience.
Lanowitz said CISOs are uniquely tasked with operationalizing cybersecurity measures and balancing the integration of AI technologies while safeguarding against evolving threats.
“Unlike CIOs and CTOs, who focus on broader strategic planning and technological innovation, CISOs are immediately responsible for implementing robust security protocols,” she said.
This operational burden places them at the forefront of assessing how AI implementations could introduce vulnerabilities or disrupt existing security frameworks.
She said improved alignment within the C-suite can provide clearer guidance on cybersecurity priorities by fostering a unified approach to risk management and operational resilience.
“When CIOs, CTOs and CISOs collaborate closely, they can prioritize investments in cybersecurity technologies that mitigate risks effectively while supporting business objectives,” Lanowitz said.
This alignment reduces ambiguity and ensures that resources are allocated strategically, alleviating some of the pressure on CISOs to make unilateral decisions.
She explained CIOs typically embrace uncertainty surrounding cyber threats because they view risk management through a broader strategic lens.
“Their role focuses on balancing the adoption of new technologies with comprehensive risk assessments, encompassing a wide range of potential threats and scenarios,” she said.
This broader perspective allows CIOs to navigate uncertainties more adeptly, integrating risk management into strategic planning and innovation initiatives.
From Lanowitz’s perspective, executive leadership must synchronize their strategies with IT and cybersecurity goals to improve alignment.
“Enhanced communication and collaboration across the C-Suite ensures that everyone is aligned on strategic objectives, breaking down silos and fostering a unified approach,” she said.
She noted integrating cybersecurity and IT priorities into the broader business strategy aligns technological advancements with security needs, reducing potential conflicts between innovation and protection.
Additionally, proactive investment in cybersecurity is essential for securing necessary budget allocations, preparing the organization for emerging threats, and alleviating the pressure on CISOs to manage risks reactively.
Lanowitz said assessing cybersecurity risks within the supply chain presents challenges due to the complexity and interdependencies of external partners and vendors, noting that CISOs and CIOs are met with varying cybersecurity standards across suppliers and limited visibility into third-party security practices.
“These challenges underscore the need for robust risk assessment frameworks, ongoing monitoring and collaborative efforts to enforce consistent security standards across the entire supply chain,” she said.