The ninth annual Information Security Maturity report, published by ClubCISO in collaboration with Telstra Purple, finds organisational security has significantly improved over the last year, following positive shifts in organisational influence by CISO’s and changing attitudes towards security culture
Informed by a survey of more than 100 information security leaders from both private and public organisations around the world, the report highlights a reduction of material incidents – those resulting in significant changes to financial position, operational disturbances, or compromised data – which coincides with the growing importance and influence of CISOs in their respective organisations.
In addition, 67% of CISOs responding to the survey said their organisations had increased their information security budgets compared with last year, and for one-fifth of respondents, budgets had increased by more than 50%.
Stephen Khan, Chair of the ClubCISO Advisory Board said, “As we move further away from the Pandemic, what this report makes clear is that much of the groundwork to bolster security has been done. Collectively, CISOs have made security a company-wide concern and the business case for it, not only in our respective businesses but also across our supply chains, has never been stronger.”
He went on, “our findings show that CISOs are now in the driving seat with extended influence and increased budgets, and are better positioned to deal with an increasingly complex and dynamic threat landscape.”
Against the backdrop of heightened security concerns from state actors and emboldened cyber-criminals, 91% of the CISOs surveyed said they had accelerated their cyber-security tactics in the last year. Of note, the number of organisations now actively working on third-party (i.e., supply chain) management nearly doubled compared with 2021.
Physical security programmes, enabling remote access and additional outsourcing ranked the lowest in this regard, whilst over half of CISOs (52%) suggested they were focusing on policies, governance and frameworks to accelerate their cyber security strategies. The findings clearly highlight a formalisation of the strategies that were adopted in the aftermath of the Pandemic.
As the industry gets on the front foot to deal with an ever-evolving macro-environment, talent continues to be a priority for CISOs. Nearly two-thirds (65%) of CISOs suggested that they are actively seeking to recruit from diverse backgrounds. And whilst the ‘best recruits’ continue to come from ‘technology or engineering’ and ‘other infosec industry sources’, 42% felt their best recruits came from ‘risk management’ and 31% answered ‘other non-infosec sources’, not including security graduates or apprenticeships.
Rob Robinson, Head of Telstra Purple EMEA which powers the ClubCISO private members club said, “It is great to see the annual survey and report becoming a vital barometer of infosec maturity globally. In a period of significant turbulence, CISOs have helped steady the ship, but it is exactly for this reason that they too have a community of peers they can rely on to stress-test ideas and lean on for support.
“We’re proud to see the significant achievements of our CISO members and their organisations in the past year and look forward to continuing our support for ClubCISO as a way to help shape the future of the profession.”