1. CISO job satisfaction is linked to board engagement: IANS
The annual CISO survey from security research firm IANS found that job satisfaction is correlated with how frequently CISOs engage with their board. Only 28 per cent of CISOs without board engagement say they are satisfied with how leaders handle security budget requests; for CISOs who have at least infrequent or ad hoc board contact, that figure is 57 per cent.
2. GenAI, focus on behaviour change among 2024 cybersecurity trends
Gartner predicts that the top cybersecurity trends in 2024 include the emergence of generative AI (GenAI) as a mainstream capability, the growing adoption of outcome-driven metrics as part of an organisation’s cybersecurity strategy and an increased focus on behavioural change as a way to reduce cybersecurity risks. “It’s important to recognise that this is only the beginning of GenAI’s evolution, with many of the demos we’ve seen in security operations and application security showing real promise,” said Richard Addiscott, senior director analyst at Gartner.
3. White House report calls for making future software ‘memory safe’
Technology manufacturers could prevent entire classes of cyber vulnerabilities by using memory-safe programming languages, according to a report from the US White House Office of the National Cyber Director. Many of the most infamous cyber events of the 21st century had a common root cause: memory safety vulnerabilities, noted Anjana Rajan, assistant national cyber director for technology security.
4. AI use by bad actors puts majority of UK organisations at risk
The growing use of AI by criminals is increasing security risks for organisations across the UK, according to a report released by Microsoft. The report, prepared in collaboration with Chris Brauer at Goldsmiths, University of London, found that 87 per cent of UK organisations are vulnerable to cyber attacks, with 39 per cent classed as “at high risk”. The report also finds that 27 per cent of UK organisations are currently using AI to strengthen their cyber security.
5. Half of all UK businesses experienced breach or cyberattack in past 12 months
In the UK, 50 per cent of businesses and 32 per cent of charities reported experiencing some kind of cybersecurity breach or attack over the previous 12 months, according to the latest cybersecurity breaches survey from the UK Department for Science, Innovation & Technology. Phishing is the most common type of attack, followed by organisation impersonation and viruses/malware.
6. Survey finds communication gap around CISO’s role in an organisation
In a survey of 787 C-suite executives, FTI Consulting found that 66 per cent of CISOs believe that senior leadership does not fully understand the nature of a CISO’s role within the organisation. The survey also found that 82 per cent of CISOs feel that they need to make things sound better than they really are when speaking to the board and 58 per cent say they struggle to communicate technical concepts in a way that senior leadership can understand.
7. Cybersecurity remains the top risk for European banks
Eighty-two per cent of chief risk officers (CROs) at European banks say cybersecurity remains their top concern, according to the annual EY and Institute of International Finance (IIF) Bank Risk Management Survey. The survey also found that some 71 per cent of European CROs are concerned about cyber warfare between nation-states.
8. High levels of fatigue and burnout contribute to slower cybersecurity responses
In a survey of cybersecurity and IT professionals across Asia-Pacific and Japan, Sophos and Tech Research found that about 90 per cent reported feelings of fatigue or burnout. It also found that such feelings directly contributed to slower response times during security breaches, as well as to employee resignations.
9. McKinsey: Financial institutions need to consider tech risks
In a survey of financial institutions around the world, McKinsey and the Institute of International Finance (IIF) identified the top emerging technologies that such organisations are prioritising for investment and adoption. These include cloud and edge computing (84 per cent), applied AI (78 per cent), next-generation software development (73 per cent) and trust architectures/digital identity (70 per cent). “As financial services companies around the world race to keep pace with a rapidly evolving technology landscape, they should consider not only what benefits new emerging technologies offer but also what risks they introduce,” McKinsey noted.
