What is a CISO's biggest concern? Being sued, apparently

Stressed worker
(Image credit: Shutterstock)

New research has claimed CISOs across the globe are increasingly worried about being sued if their organization suffers a successful cyberattack

A report from Salt Security surveyed 300 CISOs/ CSOs across a range of industries to find the priorities, pain points and security gaps experienced by security professionals.

The findings show that the unprecedented scale of digital transformation is worrying security professionals due to the potential unforeseen risks. And one of the main concerns from an individual perspective is the looming threat of litigation as a result of breaches.

Healthcare facing risks in the pursuit of innovation

One of the most worrying statistics to emerge from this research shows that nearly 90% of CISOs say that digital transformation introduces unforeseen risks, with close to half (47%) of those who responded ‘Very much agree’ from the healthcare industry.

A shortage of skilled security workers is still plaguing the security industry, with 40% of CISOs reporting it as the top challenge facing the industry, with the report stating, “New methods of security attacks and increasing risks require new qualifications. In addition, a lack of qualified talent also increases competition across companies to find and hire the right people.”

But when it comes to the personal challenges faced by CISOs, almost half (48%) listed personal litigation as a leading concern as a result of rapid digital transformation. The responsibility that CISOs take on during a time of such rapid technological progress while leading teams of under-staffed and under-qualified workers has resulted in CISOs requesting insurance and security from liability.

Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, said “In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry.” 

He added that, “qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”

Those fears are not likely to be allayed anytime soon, given the recent news that SolarWinds is now facing a lawsuit from the SEC for its alleged failings to address security concerns prior to the breach it suffered in 2020.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism Ben worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league.

He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.