CISOs uncover significant challenges in preparedness for new risks

Only 38% of CISOs across EMEA believe their cyber resilience state is mature, according to new research from Palo Alto Networks and IDC Research.

  • Thursday, 11th January 2024 Posted 11 months ago in by Phil Alsop

Across EMEA and LATAM, the research found that just 28% of CISOs regularly test their recovery plans and 40% of organisations feel confident in their ability to overcome a cyberattack without major disruption, highlighting the need to develop strategic initiatives and challenge existing toolkits to improve cybersecurity postures.

Surprisingly, just 21% of CISOs in the banking, financial services and insurance industry regularly test recovery plans, one of the lowest rates across verticals, despite it being one of the most heavily regulated sectors. However, with threat levels and market complexity increasing, CISOs have a difficult task. Talent shortage and lack of emerging security technology skills rank as the top challenges in achieving cyber resilience, both cited by 70% of respondents, followed by lack of correlation across multiple point products (52%).

The results show how, despite 78% of organisations in EMEA and LATAM acknowledging the significance of cyber resilience, fragmentation and demand for resources are preventing aspirations from aligning with reality.

Haider Pasha, Chief Security Officer, EMEA & LATAM, at Palo Alto Networks, the world’s cybersecurity leader, comments: “Despite moderate maturity levels across EMEA and LATAM, it’s surprising how few CISOs are equipped to regularly test their recovery plans. But CISOs face an uphill battle. On the one hand, geopolitical events and supply chain disruption are adding to the threat level, while on the other hand, a shortage of talent and relevant expertise all make implementing solutions and preparing to counter future attacks ever more challenging.”

The research uncovered surprisingly few differences between markets in Europe, Latin America and the Middle East. This shows a consensus that cyber resilience is mission-critical for businesses. Markets where cyber resilience is the biggest priority include the Kingdom of Saudi Arabia (48% of respondents), Spain (44%), Brazil (43%) and France (42%). Some European markets, including Germany and the UK, are less likely to consider it a business priority.

Alongside fragmentation, the research highlights a number of technology challenges. Using mature cybersecurity controls for cyber resilience stands at just 11% with some EMEA countries rating it as low as 0-5%, and most rely heavily on business continuity plans (74%), disaster recovery plans (72%), ransomware recovery plans (54%) and crisis management strategies (51%).

Haider Pasha adds: “What’s clear is that many organisations don’t yet have the resources and confidence to implement a cyber-resilient tech stack designed to prevent attacks. Instead, they have to rely heavily on tactics such as disaster recovery, which are designed to respond to incidents, rather than plan for them. The lack of visibility into the impact of threats and the focus on resolution is leaving organisations exposed to more threats and unable to plan for future risks.”

However, the research reflects the appetite for making a culture shift around cyber resilience, with influence from senior leadership becoming increasingly important. 72% of respondents said board members are a primary driver of the organisation’s focus on cyber resilience, higher than regulatory imperatives (70%).

Haider Pasha adds: “A clear commitment from senior management to create and maintain clear cybersecurity policies and measure impact, as well as empower middle management to make faster decisions, is vital. Without it, the onus is put on cybersecurity teams to react to incidents, instead of training the company to develop better postures.”

Data quality a major barrier to AI success

Posted 4 hours ago by Phil Alsop
Hitachi Vantara survey finds data demands to triple by 2026, highlighting critical role of data infrastructure in AI success and revealing gaps in...

AI - a make or nreak year ahead?

Posted 4 hours ago by Phil Alsop
NetApp has released its second annual Data Complexity Report, which examines how global organizations are navigating the increasing complexity of...
Cybersecurity, AI, and cloud adoption redefine IT professional roles, reveals Paessler’s latest global survey.
77% cite increasing operational efficiency as the main strategic and spending priority for 2025.

Sage’s 2025 Channel predictions

Posted 1 day ago by Phil Alsop
The channel is poised for significant change in 2025, shaped by trends like AI, industry consolidation, and evolving customer expectations. To help...

Cloudflare publishes top internet trends for 2024

Posted 1 day ago by Phil Alsop
New data unveils record-high government-directed Internet shutdowns, a rise in malicious traffic, and cyberattacks targeting the Gambling and Gaming...
WatchGuard Technologies has unveiled its 2025 Cybersecurity Predictions, based on its own threat intelligence and market analysis. This year’s...

Cyberthreats hide in encrypted traffic

Posted 2 days ago by Phil Alsop
Zscaler has published its Zscaler ThreatLabz 2024 Encrypted Attacks Report, which explores the latest threats blocked by the Zscaler security cloud...