The CISO or Chief Information Security Officer, a position that has grown increasingly important since the last decade, is quickly becoming a key role in almost all large enterprises today. Especially against the rapidly evolving threat landscape fuelled by emerging technologies maturity and ongoing economic headwinds, the need for a dedicated security professional to fortify cybersecurity and digital resilience is at the forefront of every business leader’s mind.
With organizations increasingly operating in the digital realm, the scope and scale of a CISO’s role today have grown markedly. Based on Splunk’s latest 2023 CISO Report, a staggering 89 percent of CISOs from the Asia Pacific (APAC) region reported that their role has changed so much that it was almost an entirely different job.
Data from our report also shows that the APAC region stands at the forefront of this evolution – with an impressive 94 percent of APAC respondents witnessing the transition of their roles from mere controllers to strategic architects. At the same time, almost 48 percent of CISOs in APAC are now reporting directly to their CEO. This shift in reporting illustrates how the CISOs’ roles are changing their focus toward the business and formalizing their executive roles. Forget about having a closer relationship with the C-suite – they are the C-suite.
A gaping chasm: Misaligned priorities pose a threat
Yet, despite this transformation, a critical misalignment between CISOs’ priorities and board directives persists. A shocking 33 percent of APAC respondents have reported scaling back their cybersecurity staff due to a lack of harmony with their board of directors. This misstep can leave companies exposed to devastating cyber breaches and attacks.
These days, cyber risk is business risk. Especially with the advent of emerging technologies such as AI and ChatGPT, the threat landscape to enterprises is growing more sophisticated by the day. The Cyber Security Agency of Singapore recently reported that ransomware continues to be a key concern in Singapore, with around one ransomware case reported every three days on average.
Similarly, our report also found that while all regions detected ransomware, respondents in APAC (64%) were more likely to experience an attack that significantly affected their systems and business operations. And though 83 percent globally opted to pay their attackers, APAC was notably the region most likely to pay US$1 million or more compared to the rest of the world. It’s imperative to note that if organizations continue to neglect the counsel of their CISOs, they could face not only financial losses but also grapple with potentially irreversible reputational and systemic damage.
Culture of resilience: Leveraging the expert and the tools
Risks to cyber security continue to evolve each day, and soon organizations might not be able to keep up thanks to the likes of AI, 5G, and the edge. Thus, leveraging the seniority and bolstered board relationships of CISOs is paramount in achieving a seamless alignment of cybersecurity priorities. Companies can fortify their defenses against evolving threats by capitalising on this strategic advantage.
Our latest report shows that with only 28 percent of APAC respondents saying that consistency with policies for security controls is a measure of success for their boards, there is much to improve for the region.
In tandem, leaders must continue to bolster their strategic investment to match the opportunities offered by the advent of technologies. Our report indicates that Generative AI applications herald an optimistic outlook in the region, with respondents in APAC expressing the most hope for it to be used as a defensive tool, with 24% believing that it would give them either a slight or significant advantage over cyber criminals. It stands to reason then, that respondents from APAC (23%) were most likely to be using generative AI for cybersecurity today, and the region most likely to establish governance policies for use cases (40%).
With the right tools, organizations could gain access to view across its infrastructure and application layers to identify, resolve and even detect issues earlier. Leaders who are taking a proactive approach to upgrading their arsenal by investing in technologies such as AI, observability tools, and edge solutions are at an advantage against the unpredictable future headwinds.
Resilience has no downside: High ROI
All organizations suffer from disruption, but those who invested in their critical digital resilience capabilities increased their chance to weather the unpredictable challenges brought by rising economic headwinds and economic instability. Findings from our Digital Resilience report earlier this year show that APAC enterprises who were ‘Advanced’ in getting their resiliency right save on average US$48 million annually in downtime costs compared to organizations who have just begun to look at building up their resilience capabilities. They are also 2.5 times more likely to be prepared for change as they have built a foundation of reliability and security that can tackle challenges such as economic recession and industry disruptions.
Here, Advanced organizations are ones who typically invested significantly in their observability capabilities – which means they have great visibility into their network and are thus more able to predict and prevent incidents using machine learning and auto-remediation. Their stronger observability capabilities enable them to drive better business outcomes, including top and bottom-line results.
Apart from withstanding challenges, growth is also possible with the right resilience capabilities in place. Advanced organizations report 2 times the rate of success of their digital transformation projects and bring forth sustainable impact to their businesses, are also more likely to meet or exceed their growth targets, and even reported stock price growth with Advanced organizations that are publicly traded reporting an 82 percent increase.
Fostering digital resilience: A collective imperative
Yet, true resilience can only be achieved through collaboration and must be embraced as a whole-of-organisation strategic objective. In fact, our report shows that 44 percent of CISOs in the Forbes Global 2000 have reported that greater cross-collaboration between security and IT operations tools and processes can better prevent issues from becoming major disasters.
This further underlines how leaders today need to look at unified solutions to accelerate a seamless and integrated digital transformation across the organization, which can be pivotal to survive and thrive during tumultuous times. With CISOs now having a bigger seat at the table, security leaders can use their growing platform to create the change they want to see in the industry – The board is listening.
Robert Pizzari is a business and technology leader and worked across several leading technology organizations over his 26-year career. He has a passion for Cyber Security and has dedicated himself to helping organizations deal with the complexities arising from Nation State and financially motivated threats and adversaries.
As the Vice President of Security for APAC at Splunk, Robert is focused on helping organizations in the modernization of security operations, threat intelligence, behavioral analytics, automation, orchestration, and response capabilities required to sustain a modern security posture.
Prior to Splunk, Robert was at Check Point, where he led the Top 35 Global Accounts (Fortune 100) at Check Point across APAC and held multiple leadership positions in his previous tenure with FireEye,
Trustwave, F5, and Cisco.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
Artificial Intelligence (AI) and Human Intelligence (HI) in the future of education