96% of CISOs Struggle to Get the Support Required to Be Resilient Against Cyber Attacks

Latest Research by New Trellix Uncovers How CISOs Are Positioned to Fight Back Against Cyber Criminals

Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), will highlight new research and insights on stage at the 2023 RSA Conference. Released today, “The Mind of the CISO” research is the result of a survey of global Chief Information Security Officers (CISOs) across every major industry and reveals how they work amidst a tumultuous threat landscape, which business functions hold them back, and what they need to be successful.

“Our research shows CISOs are motivated by a mission to protect. Yet, CISOs tell us they feel unsupported, unheard, and invisible,” said Bryan Palma, CEO of Trellix. “I’ve been a CISO, it can be the loneliest position in tech," Palma continued, “Now is the time, with AI in the hands of both good and bad actors, to revolutionize SecOps strategies and fight back against criminals. We need to empower our CISOs to win every time.”

The research revealed key pain points CISOs experience, including:

• Not enough support. 96% struggle to get support from the executive board for the resources needed to maintain cybersecurity strength. Nearly half think their jobs would be easier if all employees across the entire business were better aware of the challenges of cybersecurity. In addition, one third of CISOs cite a lack of skilled talent on their team as a primary challenge.

• The pressure is high. 86% have managed a major cybersecurity incident once, and 4 in 10 more than once. 72% of respondents feel fully or mostly accountable for the incidents and 43% experienced major attrition from the Security Operations team as a direct result.

“It’s quite stressful because it is something where we say you have to be right all of the time. The bad guys only have to be right once...” shared a CISO of a US-based healthcare organization.

• Working with too many of the wrong solutions. With organizations reporting using an average of 25 individual security solutions, 30% say a top hurdle is having too many pieces of technology without a sole source of truth. CISOs can find the number of security solutions available to them overwhelming, unnecessary, and challenging.

• The right solutions would make a difference. 94% agree having the right tools in place would save them considerable time. 44% want access to a single integrated enterprise tool to optimize security investments.

“We get tool exhaustion at some places where money is just thrown at tools and they’re only using a quarter of it,” said a CISO in the U.S. Public Sector. “So having a unified security tool, that’s been built and understood by security people and CISOs and analysts and engineers, that understand their day-to-day work and activities when it comes to certain things, is I think, something that’s missing...”

At the latest RSA 2023 Conference, Bryan Palma will deliver a keynote “SIEM There, Done That: Rising Up in the SecOps Revolution” where he will discuss how the industry must innovate to support organizations’ fight against cybercriminals and support CISOs by re-imagining the SOC of the future.

Methodology

The Trellix study, conducted by Vanson Bourne, surveyed more than 500 global CISOs from companies with a minimum of 1,000 employees in the US, UK, France, Germany, Australia, India, Singapore, UAE, and Saudi Arabia. Industries covered include energy & utilities, healthcare, public sector, manufacturing & production, financial services, retail, distribution & transport, and business & professional services.