Study shows organizations prioritize cost savings over client privacy
A study conducted by Bugcrowd has revealed that 1 out of 3 security leaders believe that half of organizations are willing to compromise their customer’s privacy in order to cut costs. The report surveyed over 200 security leaders worldwide to gain a deeper understanding of the role of the CISO. Some of the key findings include:
- 91% of security leaders predict that AI will surpass the capabilities of security teams.
- 56% of respondents acknowledge that their teams are understaffed, with 87% currently looking to hire more staff.
- Due to the adoption of AI, 70% of organizations plan to reduce the size of their security teams in the next 5 years.
Insights from Security Leaders
Gareth Lindahl-Wise, Chief Information Security Officer at Ontinue:
“The Bugcrowd report sheds light on the tensions within the industry, particularly surrounding the CISO role. It’s time to shift focus from ‘protecting what is valuable’ to ‘protecting what will be attacked’. Utilizing crowdsourcing and AI to identify real-world attack targets can help optimize limited resources for better results.
“The concern raised in the report about AI outpacing management capabilities is a stark reality. Many governance processes struggle to keep up, and a greater emphasis will be placed on recognizing and addressing issues as they arise.
“CISO burnout is a relatable issue, as they often find themselves balancing business growth pressures against potential risks. It’s crucial for security professionals to effectively communicate the likelihood of risks to gain business understanding and make informed decisions.
“The goal is for risk acceptance to be a conscious and well-informed decision. However, corporate memory lapses during incidents can often result in blame being directed at the CISO, contributing to short tenures and burnout.”
Mr. Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens:
“The Bugcrowd report highlights a concerning state of cybersecurity. Only 18% of security leaders prioritize ‘avoiding breaches at all costs’, while more than 30% aim to ‘build a security brand’ for competitive advantage, which may be an unrealistic goal. The best promise an enterprise can provide is being ‘Breach Ready’. Though AI offers speed and efficiency, the future may lie in Autonomous Cyber Defense through automation and AI.”
George Jones, Chief Information Security Officer at Critical Start:
“The role of the CISO is evolving, with modern CISOs not only safeguarding organizational assets but also playing strategic roles in business decisions. Collaboration with other executives like CIOs and CSOs is becoming more common to adopt a holistic approach to security.
“The journey to becoming a CISO varies, with leaders coming from diverse backgrounds and holding multiple roles in their careers. Offensive security experience is increasingly valuable for providing unique insights into attack vectors and defense strategies. Education and experience play key roles in preparing CISOs for their multifaceted responsibilities.
“As the challenges faced by CISOs evolve, a robust and adaptable approach is necessary. Security is becoming a crucial competitive advantage, and CISOs must navigate complex threats, leverage AI, and foster security cultures within their organizations.”
Piyush Pandey, CEO at Pathlock:
“CISOs face challenges from C-Suite disconnects, personal liability, and reputational risks due to increased transparency requirements for data breaches. Without appropriate resources and support, handling daily security operations can be overwhelming. The future outlook for CISOs depends on how organizations address industry challenges, prioritize security, and integrate CISOs into strategic planning.”
“Boardrooms and C-Suite Executives must collaborate with CISOs, understand the threat landscape, and celebrate security successes to enhance awareness and teamwork in cybersecurity.”
