CXOs Not Confident of Security Readiness

A survey conducted across the world reveals that only about a quarter of the C-suite executives believe that their companies have top notch security readiness where resilience is also high. However, what comes as a positive is that zero trust is fast becoming an operational imperative across most of these companies around the world. 

The survey comprising 1200 C-suite leaders from across the world, was conducted by Palo Alto Networks, across multiple industries and included CTOs, COOs, CSOs and CIOs among others. Most of those surveyed (96%) revealed that their companies had been exposed to at least one security incident or a breach in the past 12 months. 

The report said 57% of those surveyed reported three or more such incidents over the past year and indicated that ransomware and business emails were amongst the source of most attacks. Other avenues included phishing attacks and software vulnerabilities, which the report said, are likely to be the top means of gaining access to company data. 

To a question about the top security-related priorities, those surveyed said data protection and privacy at the top of the list followed by the automation of threat detection and response as well as enhancing security operations and efficiency. The report pointed out that companies were prioritizing these measures to address their major challenges. 

These included a paucity of skilled employees in the cybersecurity, an increase in data management and perimeter complexities and a continuous lack of alignment between the security requirements and the changes in their tech stack. The report highlighted the value of zero-trust adoption stating that zero trust has now moved from a security concept to an operational imperative for companies. 

The CXOs who took the survey also listed out the main reasons to implement zero-trust strategies. While 52% of the respondents felt the growing supply chain or vendor ecosystem to be a top priority, 49% felt that sophistication and frequency of attacks were a key factor while 47% chose the growing prevalence of a hybrid workforce. 

However, there was near consensus on the challenges faced by organizations on the path to security readiness with 98% of respondents citing lack of in-house experience and lack of clarity on where to start and what to prioritize. They also felt lack of qualified vendors providing integrated and total solutions was a major hurdle in their quest.

On the question of cloud security, the report said 67% of the companies used one or two cloud service providers while 33% had between three to five of them. Close to half of the respondents had plans to increase investments in software firewalls on both public and private clouds in the near future. 

When it came to concerns on public clouds, the respondents marked code vulnerabilities introduced by developers (38%) as a major challenge, followed by runtime threat detection and prevention (34%) with issue of monitoring identity and privileged access coming a close third with 34% of them listing it as an issue in their companies. 

In addition, the report also said companies were now deploying web applications and API security (37%) that required developers to use code security and scanning tools besides the deployment of virtual to protect cloud application perimeters.