Breaches decline as security culture improves

The latest Security Maturity Report, published today by ClubCISO, shows 76 percent of CISOs reported no material breaches over the past year, up from 68 percent in 2022.

Despite the difficult economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 60 percent of those surveyed say that no material cyber security incident had occurred in their organization over the past 12 months.

80 percent of respondents say they believe that their organization's security culture has improved to some degree in the last year. Proactive 'report it' no-blame policies (41 percent), simulated phishing (38 percent) and tailored training (37 percent) remain as the key drivers of security culture.

Rob Robinson, Head of Telstra Purple EMEA, sponsors of the ClubCISO community says, "The results from the members survey reinforce what we've been seeing in the market for some time now -- security strategies need to be built around people to be truly effective. It seems that the decline in material cyber breaches is linked to the people and cultural improvements -- a huge 80 percent of CISOs suggested that their organization's security culture had developed positively over the last year. The fact that leadership endorsement is also being highlighted as a critical factor for establishing an effective security posture also recognises the progress CISOs have made at the very highest levels of business. Strong security is now clearly seen as a key corporate capability and that is in large part due to the voice CISOs have developed at the C-level."

But despite this CISOs on average rate their organization's overall security posture lower than they did over the previous year. Last year, 46 percent rated themselves as above average (at least four out of five stars) while this year, only 38 percent rated themselves the same. Additionally, more than 13 percent of respondents don't feel confident that their organisation will be able to meet key security objectives -- an exact repeat of last year's result.

Compared to the previous year, 67 percent of CISOs say they have stronger alignment with the executive team (59 percent in 2022) and 54 percent with the board (49 percent in 2022).

ClubCISO advisory board member, Jessica Barker, says, "Our findings this year acknowledge the crucial role that leadership endorsement plays in security culture. Cyber security has been rising up on the corporate agenda for a few years now, but this stronger alignment between security teams and senior leadership is very encouraging progress. Without tone (and resource) from the top, building a healthy security culture will always be more challenging."

The full report is available from the ClubCISO site.

Photo credit: Den Rise / Shutterstock