90% firms experienced cyberattacks; 83% opted to pay attackers: Report

The 2023 Chief Information Security Officers (CISO) report found that 86% security officers believe generative AI could bridge skill gap in their security teams

A Splunk Inc report highlighted the growing threat of ransomware attacks, with a staggering 90 per cent of organisations experiencing at least one disruptive cyber-attack in the past year. Alarmingly, 83 per cent of these organisations opted to pay the attackers following a ransomware incident, with over half of them shelling out a minimum of $100,000.

Vulnerable industries

The report found that vulnerable sectors included financial services (59 per cent), retail (59 per cent), and healthcare (52 per cent). Among these sectors, the retail industry emerged as the most likely sector to succumb to ransom demands, with 95 per cent of respondents admitting to making payments directly or through cyber insurance or a third party.

Increasing importance of CISOs and security funding in organisations

Forty-seven per cent of organisations revealed that CISOs now report directly to the CEO, indicating a more direct relationship with the C-Suite and governing boards. Governing boards have increasingly turned to CISOs for guidance in cybersecurity strategy, presenting an opportunity for CISOs to showcase their value and bridge communication gaps.

90 per cent of CISOs also stated that their governing boards now emphasise different key performance indicators (KPIs) and security metrics compared to two years ago. 

Despite economic challenges impacting various sectors, 93 per cent of CISOs expect an increase in their cybersecurity budgets in the coming year. However, 83 per cent noted that other areas of their organisations experienced budget cuts, reflecting the trade-offs made to bolster cybersecurity in the face of growing threats coinciding with economic downturns.

Generative AI: A game-changer

One of the report's key findings is the growing significance of generative AI in cybersecurity. Eighty-six per cent of surveyed CISOs believed that generative AI could bridge the existing skills gaps and talent shortages within their security teams

Challenges of generative AI

However, 70 per cent of CISOs expressed concerns that this technology could potentially provide cyber adversaries with more opportunities to launch attacks. Yet, 35 per cent of the surveyed CISOs are already experimenting with generative AI for various cyber defense purposes, including malware analysis, workflow automation, and risk scoring.

Sectors like healthcare (88 per cent), manufacturing (76 per cent), and financial services (72 per cent) voiced the most significant fears regarding the advantages generative AI might offer to cyber adversaries. To mitigate these risks, 51 per cent of CISOs in financial services planned to implement specific cybersecurity controls to counter AI-related security risks. Furthermore, 93 per cent of CISOs have extensively or moderately implemented automation into their processes to bolster cybersecurity measures.

Upon the release of the 2023 CISO report, Splunk Inc's CISO, Jason Lee said, "These relationships provide CISOs the opportunity to become champions who strengthen an organisation's security culture and lead teams to become more cross-collaborative and resilient. By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defence management and prepare for the future."