Kaspersky: Cybersecurity Breaches 'Inevitable,' Bigger Budgets Needed to Fight

Chief information security officers (CISOs) believe cybersecurity breaches are inevitable, while lack of influence in the boardroom is making it difficult to justify the budgets they need to properly protect their organizations.

That’s according to new research from Kaspersky Lab, which surveyed 250 IT decision makers in both the manufacturing and services sectors between May and July.

Kaspersky’s Andrey Pozhogin

Andrey Pozhogin, cybersecurity expert at Kaspersky Lab, tells Channel Partners one of the biggest challenges that the research indicates is the executive team’s failure to understand the level of IT security support for the CISO to be successful. Eighty-four percent of CISOs in North America said a breach is inevitable.

“There is an opportunity for CISOs to increase their influence and leadership within an organization, and ensure their views are aligned with those of the executive team,” he said. “Working with different lines of business on various projects can help them be seen as more of an authority figure. Increased normal interaction between IT security and the different lines of business can strengthen collaboration and prove their need to be involved in strategic decisions.”

CISOs believe financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest IT security risks to their businesses today — and these types of threats are difficult to prevent, according to the research.

In addition, the rise of cyberthreats, combined with the digital transformation that many enterprises are undergoing, is making the role of the CISO increasingly critical in modern business. There is now more pressure than ever on CISOs globally, with 57 percent considering complex infrastructures involving cloud and mobility to be the top challenge; managing personal data and sensitive information the second biggest challenge at 54 percent; and worrying about the continuing increase in cyberattacks is third at 50 percent.

With pressure on the CISO increasing, budgets allocated to cybersecurity are reported to be growing across businesses globally. More than half of CISOs are expecting their budgets to increase in the future, while 38 percent of respondents globally – and in North America – expect budgets to remain the same.

It’s almost impossible for CISOs to offer a clear return on investment (ROI) or 100 percent protection from cyberattacks, Pozhogin said. This makes it difficult for more than one-third of CISOs to secure their required IT security budgets because they can’t guarantee there will not be a breach, he said.

“The channel can assist CISOs in getting the protection they need within their budgets by finding new ways to help them prove the ROI of security offerings to the C-suite,” he said. “Too often, businesses view security budgets as part of the overall IT spend — leaving CISOs to fight against other departments for the budget they need to properly protect the organization. In fact, a third of CISOs often see the money they could allocate for their budget prioritized for digital, cloud or other IT projects that can demonstrate a clearer ROI to the business decision makers in the organization.”

Overall, the majority of IT security leaders globally believe that that they are adequately involved in business decision making.

“The issue is that CISOs at the executive level are only typical in enterprises that are highly digital, highly sensitive or very large — and in North America, only 40 percent of cybersecurity managers are a part of the C-suite,” Pozhogin said. “As cybersecurity budgets are expected to grow – with 45 percent of enterprises planning to raise budgets in the next financial year – CISOs will need to become a more influential member of the leadership team in the future. It will be important that their presence is known and they are seen as C-suite security leaders in the business.”