Risk Management
3 Strategic Insights from Cybersecurity Leader Study
Explore the results of a Sapio Research survey commissioned by Trend Micro about how CISOs and other technology leaders are overcoming today’s biggest challenges.
Even for an industry as fast-paced as cybersecurity, 2023 has been a year of unprecedented changes. Trends like cloud adoption and ransomware evolution continue to challenge the industry, and in just a few months the emergence of generative AI has transformed it completely.
As we continue to equip cybersecurity leaders with the resources and information they need to make sound decisions, Trend Micro set out to learn how cybersecurity leaders are facing and overcoming today’s challenges.
In a survey commissioned by Trend and conducted by Sapio Research, we asked 250 senior IT professionals in the U.S. about the risks they’re facing, the strategies they use, their plans for the future, and the tools they rely on. Their answers offer useful insights for cybersecurity leaders in organisations of all sizes and industries.
Download the ebook to learn everything our experts shared.
1. The expanding attack surface poses a real challenge
When our respondents were asked to name their biggest challenges, it shouldn’t come as a surprise that they chose the cybersecurity industry’s most persistent ones: human error and the global skills gap. However, several of the answers that ranked lower share an obvious connection—the always expanding digital attack surface.
They may be concerned about growing complexity, shrinking visibility, and alert overload, but when our respondents ranked the biggest contributors to cyber risk they highlighted a much more direct threat: phishing and business email compromise. Vulnerabilities and cryptomining rounded out the top three—despite the fact that 57% of respondents say they were a victim of ransomware in the past year.
2. Zero trust, DevOps, and XDR make business sense
One trend stood out clearly all through the survey: CISOs who implement security strategies to prepare for the future are seeing distinct, positive results. After the recently released National Security Strategy recommended Zero Trust architecture, 59% of our respondents say they plan to implement a Zero Trust strategy. So far, just 36% have followed through, but out of those early adopters 96% have seen improvements to their security posture—62% say it significantly improved.
More than four in five of the survey’s respondents (85%) say their organisations follow DevOps practises, and 94% of DevOps users have noticed an improvement in security posture after implementing it. Since 73% of respondents are concerned about developing insecure apps, that peace of mind is critical. Among respondents who don’t follow DevOps, 70% say they plan to.
Organisations that adopted XDR in response to cloud complexity found similar benefits, although 54% of respondents solely use EDR (47% of them say EDR is “effective enough”). Of those who adopted XDR, 85% reported seeing improvements in their security posture, and 41% say it improved a lot.
3. Fighting product sprawl with a platform-based approach
Nine in ten respondents say their organisation’s security investment will increase this year, but most are already facing product sprawl. Just 5% of respondents use only one product—43% use between four and six. But this trend may reverse itself in the years to come, as 89% of respondents with more than one product have plans to consolidate, or switch to a platform.
When it comes to choosing their cybersecurity solutions, our experts valued flexibility, support, and automation. But they were closely divided between the many offerings to secure their cloud environments. Cloud infrastructure entitlement management (CIEM) was the leading choice at 54%, with cloud workload protection platforms (CWPP), cloud-native protection platforms (CNAPP), and cloud security posture management (CSPM) following closely.
Next steps
For more Trend Micro research, check out the following: