What is a CISO's biggest concern? Being sued, apparently

News
By published

Personal litigation is the leading concern among CISOs, which could drive down the quality of security teams

Stressed worker
(Image credit: Shutterstock)

New research has claimed CISOs across the globe are increasingly worried about being sued if their organization suffers a successful cyberattack

A report from Salt Security surveyed 300 CISOs/ CSOs across a range of industries to find the priorities, pain points and security gaps experienced by security professionals.

Article continues below

Healthcare facing risks in the pursuit of innovation

One of the most worrying statistics to emerge from this research shows that nearly 90% of CISOs say that digital transformation introduces unforeseen risks, with close to half (47%) of those who responded ‘Very much agree’ from the healthcare industry.

A shortage of skilled security workers is still plaguing the security industry, with 40% of CISOs reporting it as the top challenge facing the industry, with the report stating, “New methods of security attacks and increasing risks require new qualifications. In addition, a lack of qualified talent also increases competition across companies to find and hire the right people.”

But when it comes to the personal challenges faced by CISOs, almost half (48%) listed personal litigation as a leading concern as a result of rapid digital transformation. The responsibility that CISOs take on during a time of such rapid technological progress while leading teams of under-staffed and under-qualified workers has resulted in CISOs requesting insurance and security from liability.

Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, said “In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry.” 

He added that, “qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”

Those fears are not likely to be allayed anytime soon, given the recent news that SolarWinds is now facing a lawsuit from the SEC for its alleged failings to address security concerns prior to the breach it suffered in 2020.

More from TechRadar Pro

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.