New research shows that CISOs around the world are increasingly concerned about being sued if their organization experiences a successful cyber attack.
A report from Salt Security surveyed 300 CISOs/CSOs from various industries to find the priorities, pain points, and security gaps experienced by security professionals.
The findings show that the unprecedented scale of digital transformation worries security professionals due to the potential unforeseen risks. And one of the biggest concerns from an individual perspective is the looming threat of lawsuits resulting from breaches.
Healthcare faces risks in its pursuit of innovation
One of the most worrying statistics to emerge from this survey shows that almost 90% of CISOs say digital transformation poses unforeseen risks, with almost half (47%) of those who responded ‘very much agree’ coming from the healthcare sector.
A shortage of skilled security personnel continues to plague the security sector, with 40% of CISOs identifying this as the biggest challenge facing the sector. The report states: “New methods of security attacks and increasing risks require new qualifications. Furthermore, a lack of qualified talent also increases competition between companies to find and hire the right people.”
But when it comes to the personal challenges CISOs face, nearly half (48%) cite personal litigation as one of their top concerns as a result of rapid digital transformation. The responsibility that CISOs take on in an age of rapid technological advancement, while leading teams of understaffed and underqualified personnel, has led CISOs to demand insurance and assurance against liability.
Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, said: “In addition to upending many traditional security approaches, the digital-first economy has impacted many of us CISOs on a very personal level. The fact that my colleagues highlighted ‘concerns about personal lawsuits resulting from violations’ as their top personal concern should be alarming to everyone in the industry.”
He added that “qualified leaders may decide not to take on the role if organizations do not have the right cyber tools or processes in place, or if they feel the personal risk is too high.”
These fears are unlikely to be allayed anytime soon, given the recent news that SolarWinds is now facing a lawsuit from the SEC over its alleged failure to address security concerns prior to the breach it suffered in 2020.