What is a CISO's biggest concern? Being sued, apparently


New research has claimed CISOs across the globe are increasingly worried about being sued if their organization suffers a successful cyberattack.

A report from Salt Security surveyed 300 CISOs/CSOs across a range of industries to find the priorities, pain points and security gaps experienced by security professionals.

The findings show that the unprecedented scale of digital transformation is worrying security professionals due to the potential unforeseen risks. And one of the main concerns from an individual perspective is the looming threat of litigation as a result of breaches.

Healthcare facing risks in the pursuit of innovation

One of the most worrying statistics to emerge from this research shows that nearly 90% of CISOs say that digital transformation introduces unforeseen risks, and close to half (47%) of those who responded ‘Very much agree’ came from the healthcare industry.

A shortage of skilled security workers is still plaguing the security industry, with 40% of CISOs reporting it as the top challenge facing the industry. The report states, “New methods of security attacks and increasing risks require new qualifications. In addition, a lack of qualified talent also increases competition across companies to find and hire the right people.”

But when it comes to the personal challenges faced by CISOs, almost half (48%) listed personal litigation as a leading concern as a result of rapid digital transformation. The responsibility that CISOs take on during a time of such rapid technological progress while leading teams of under-staffed and under-qualified workers has resulted in CISOs requesting insurance and security from liability.

Mike Towers, Chief Digital Trust Officer at Takeda Pharmaceuticals International, said, “In addition to upending many traditional security approaches, the digital-first economy has impacted a lot of us CISOs on a very personal level. The fact that my peers highlighted ‘concerns over personal litigation stemming from breaches’ as their top personal concern should be alarming to everyone in the industry.”

He added that “qualified leaders may decide not to pursue the role if organizations don’t have the right cyber tools or processes, or if they consider the personal risk too high.”

Those fears are not likely to be allayed anytime soon, given the recent news that SolarWinds is now facing a lawsuit from the SEC for its alleged failure to address security concerns prior to the breach it suffered in 2020.


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focussing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.