‘The C-Suite Report’ Simplified: 4 Key Takeaways
The recently published “The C-Suite Report: The Current and Future State of Cybersecurity” by Forcepoint in partnership with WSJ Intelligence has unearthed a treasure trove of important and interesting insights on how CEOs and CISOs of some of the world’s largest companies see the present and the future of cybersecurity.
In this article, we will discuss some of the most impactful findings of the research and how they can impact the industry as a whole.
About the C-Suite Research
The research involved about 200 CEOs and CISOs from large companies, 80% of them with annual revenue of more than $2 billion. More than half of the participants were from Europe (55%), followed by the U.S. (25%) and APAC (21%). A number of industries are represented nearly equally (between 12% and 15%):
- Life sciences.
- Health care.
- Manufacturing.
- Finance.
- Transportation.
- Retail.
- Energy.
- Telecom.
It should be pointed out that the research was done in 2019, so it does not take into account the COVID-19 pandemic.
Takeaway 1: Cybersecurity Is a Priority
The fact that cybersecurity is seen as a priority is not really a big surprise, but it is somewhat surprising to see such a huge portion of participants marking it as a high or top priority. CEOs and CISOs (93% both) see cybersecurity as either a high priority or the top priority.
Leaders in companies with annual revenue of more than $10 billion see cybersecurity as the top priority more than those with annual revenue of less than $10 billion (93% to 84%).
The only real surprise here is the markedly lower percentage of U.S. leaders (86%) who see cybersecurity as a priority compared to the rest of the world (~95%).
The business value of cybersecurity is finally seen as excellent, especially by CEOs (68%).
Takeaway 2: Confidence Is High
In addition to understanding the importance of cybersecurity for their companies, the vast majority of leaders who participated in the research are also very confident about how their organizations fare in terms of digital/cybersecurity.
Of note is that CISOs are more confident than CEOs when compared to their peers in terms of:
- Their organizations’ digital maturity (87% to 77%).
- The effectiveness of cybersecurity (87% to 74%).
- Cybersecurity talent (83% to 66%).
Interestingly, CEOs are more confident about their own cybersecurity measures when compared to the rest of their industry (60% compared to 54% of CISOs).
Perhaps the most surprising, even with all this confidence more than 70% of participants somewhat or strongly agree that the possibility of a cybersecurity breach keeps them up at night. This only serves to show how bad cybersecurity breaches have become.
Takeaway 3: Priorities Depend on Geography
According to the survey results, companies from different parts of the world have different cybersecurity priorities.
The participants were given bipolar choices on a number of issues to identify their priorities quantitatively:
- Increase agility versus reduce costs.
- Protect customer data versus protect organization IP.
- Inside out (employee behavior) versus outside in (keeping out the intruders).
- Open and collaborative work environment versus zero trust.
- Safeguard most valuable assets versus protect everything.
One would expect that responses wouldn’t depend too much on where the company is based, but they did.
For example:
- U.S.-based participants were far more likely to say that they put their focus on protecting everything than participants from other parts of the world (62% to 49% for the rest of the world).
- European participants were the opposite, focusing far more on safeguarding the most valuable assets (61% to 51% for the rest of the world).
- European participants were also most adamant about protecting customer data (64% to 58% for the rest of the world), probably due to GDPR.
As for executives from the APAC region, the most obvious difference from the rest of the world is their focus on organization IP (61% to 42% for the rest of the world). Whether this is an effect of less stringent customer data protection regulations or something else is definitely a topic that deserves more research.
Takeaway 4: Future Efforts
The report also looked at future plans and points of focus for companies.
According to the results, artificial intelligence solutions and applications are seen as less attractive for the majority of participants in comparison to behavior-based policy enforcement, biometric authentication and tokenization. This is especially true for CEOs, only 29% of which see AI as a point of focus for their future cybersecurity efforts.
Whether this has to do with AI’s major blindspot (not knowing how it makes decisions) or a general disillusionment with overhyped AI in cybersecurity marketing is also something that deserves more attention in the future.
‘The C-Suite Report’ in Conclusion
This is only scratching the surface of what “The C-Suite Report” discovered—there is a lot more for anyone interested in cybersecurity to analyze. Consider this a starting point.
