What is a CISO's biggest concern? Being sued, apparently
Personal litigation is the leading concern among CISOs, which could drive down the quality of security teams
New research has claimed CISOs across the globe are increasingly worried about being sued if their organization suffers a successful cyberattack
A report from Salt Security surveyed 300 CISOs/ CSOs across a range of industries to find the priorities, pain points and security gaps experienced by security professionals.
The findings show that the unprecedented scale of digital transformation is worrying security professionals due to the potential unforeseen risks. And one of the main concerns from an individual perspective is the looming threat of litigation as a result of breaches.
Healthcare facing risks in the pursuit of innovation
One of the most worrying statistics to emerge from this research shows that nearly 90% of CISOs say that digital transformation introduces unforeseen risks, with close to half (47%) of those who responded ‘Very much agree’ from the healthcare industry.
A shortage of skilled security workers is still plaguing the security industry, with 40% of CISOs reporting it as the top challenge facing the industry, with the report stating, “New methods of security attacks and increasing risks require new qualifications. In addition, a lack of qualified talent also increases competition across companies to find and hire the right people.”
But when it comes to the personal challenges faced by CISOs, almost half (48%) listed personal litigation as a leading concern as a result of rapid digital transformation. The responsibility that CISOs take on during a time of such rapid technological progress while leading teams of under-staffed and under-qualified workers has resulted in CISOs requesting insurance and security from liability.
Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, said “In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
He added that, “qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”
Those fears are not likely to be allayed anytime soon, given the recent news that SolarWinds is now facing a lawsuit from the SEC for its alleged failings to address security concerns prior to the breach it suffered in 2020.
More from TechRadar Pro
- Take a look at our comprehensive list of the best ransomware protection
- AI is making cyberattacks even smarter and more dangerous
- Investing in technology to boost efficiency
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.