International. Dynatrace released its annual CISO survey. This year, the global report reveals that organizations are struggling with internal communication barriers that hinder their ability to address cybersecurity threats.
The results indicate that CISOs find it difficult to drive alignment between security teams and senior management (C-level executives, Chief Officers), leaving gaps in the organization's understanding of cyber risk. As a result, they are more exposed to advanced cyber threats at a time when AI-driven attacks are on the rise.
The Mexican Market and Cybersecurity
The report, commissioned by Dynatrace and conducted by Coleman Parkes between March and April 2024, is based on a global survey of 1,300 CISOs and ten interviews with CEOs and CFOs of companies with more than 1,000 employees.
50% of CISOs in Mexico say there is a regular requirement to inform the CEO and board of directors about their cybersecurity risk and compliance posture. 66% of CISOs say their security tools have limited ability to generate insights that the CEO and board can use to understand business risks and prevent threats.
Mexican CISOs ranked their organizations' top priorities for cybersecurity management as follows:
- Application security (i.e., vulnerability management).
- Crisis management and response (i.e., data leakage and media focus).
- Internal risk management/oversight (i.e., use of mobile devices).
- 50% of organizations have experienced an application security incident in the last two years.
- 90% of CISOs say application security is a blind spot at the CEO and board level.
- 78% of CISOs say DevSecOps automation will be essential to their ability to stay on top of
- emerging regulations such as the SEC's cybersecurity mandate such as NIS2 and DORA.
- 92% of CISOs say DevSecOps automation is even more important for managing the risk of AI-introduced vulnerabilities.
- 64% of CISOs struggle to drive DevSecOps automation due to their reliance on multiple application security tools.
- Only 16% of CISOs say their organization has mature DevSecOps automation practices.
Findings from a global perspective
Lack of alignment between the C-level and the board of directors leads to cyber risks. CISOs struggle to drive alignment between security teams and C-suite; 87% of CISOs say application security is a blind spot at the CEO and board level.
Security teams are too technical. Seven out of ten C-suite executives interviewed say security teams speak in technical terms without providing business context. However, 75% of CISOs highlight that the problem stems from security tools that can't generate insights that C-level executives and boards can use to understand business risks and prevent threats.
AI is powering more advanced cyber threats. Addressing this technology and communications gap is becoming more critical as the rise of AI-driven attacks and cyber threats significantly increase business risk.
Against this backdrop, nearly three-quarters (72%) of CISOs say their organization has experienced an application security incident in the past two years. These incidents carry significant risk, and CISOs highlight the common consequences they've experienced including revenue impact (47%), regulatory fines (36%) and loss of market share (28%).
"Cybersecurity incidents can have devastating consequences for organizations and their customers, which is why the issue has rightly become a critical concern at the board level," said Bernd Greifeneder, CTO of Dynatrace. "However, many CISOs struggle to drive alignment between security teams and senior management because they can't bring bit-and-byte conversation to specific business risks. CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimizing their exposure to risk."
The report, 'The State of Application Security in 2024: The Imperative to Drive Greater Alignment Between the CISO, CEO, and Board', is available for download online.