Overtaxed State CISOs Struggle with Budgeting, Staffing

Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to deal with the demands of the job. "Until the security program is not perceived as a 'cost' but rather a 100 times unplanned-for-cost-avoiding department, CISOs will struggle with budget and relevance," says Pete Nicoletti, global field CISO at Check Point Software. "In the early 2000s, the advent of the Internet and the desire to develop citizen-facing applications accessible from the Internet really started that trend," explains Srini Subramanian, co-author of the newly released biennial cybersecurity report from Deloitte and the National Association of Chief Information Officers (NASCIO). Among all 51 US state CISOs surveyed in the Deloitte/NASCIO report, many report an expansion of their responsibilities with regard to protecting data privacy, risk management, and more. As a result, "State CISOs have to go and seek resources from the CIOs as part of their technology budget. Subramanian recalls how, "in Texas, there is a regional security operations center that has been set up with a combination of a university, private sector, and the government. Whether it be a private company or a government organization, large or small, the issues that face CISOs today are pretty consistent across the board, because the underlying gap between security leaders and their colleagues always tends to take a similar shape. "CISOs and security practitioners typically have a hard time justifying their programs to leadership. In 2020 (52%) and 2022 (54%), a majority of CISO's offices handled physical security for data centers and other pertinent facilities, but in 2024 that number plummeted to 35%. The lone counterpoint is that state CISOs today have markedly less to worry about when it comes to physical security, providing a kind of counterbalance. Like CISOs of corporations, these individuals are responsible for building and managing statewide IT security programs and policies, managing cyber-risks and incident response efforts, ensuring compliance with relevant regulations and standards, and more. "State systems don't have as many resources as the private sector," Subramanian says. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. More CISO's offices now provide support to stage agencies in the realms of strategy, governance, and risk management (up 17%), security management and operations (up 8% over 2022), incident response (up 17%), and network and infrastructure (up 7%). Budget constraints and a talent shortage help explain why nearly four in five state CISOs cite staffing as a challenge. "States collect, share, and use data of residents from birth, including school, driving records, health records, and more," he explains. Chief information security officers (CISOs) of US states are being stretched thin by widening responsibilities and insufficient resources to achieve them. Compared to their increased workloads, however, state CISOs offices are not being financed and staffed with equivalent fervor. Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG. CISOs for US states face the same kinds of challenges those at private companies do: lots of work to handle, but not necessarily enough money or people to handle it sufficiently well. He also co-hosts "The Industrial Security Podcast," the most popular show in its field. Today, just six state cybersecurity budgets allocate anything toward physical security. "The rigor and emphasis on cyber has always been greater in the federal government," Subramanian notes.

This Cyber News was published on www.darkreading.com. Publication date: Mon, 30 Sep 2024 21:10:18 +0000


Cyber News related to Overtaxed State CISOs Struggle with Budgeting, Staffing

Overtaxed State CISOs Struggle with Budgeting, Staffing - Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to ...
2 months ago Darkreading.com
Proofpoint's CISO 2024 Report: Top Challenges Include Human Error & Risk - In Proofpoint's 2024 Voice of the CISO report, the cybersecurity company found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don't change, and AI can help and hurt CISOs' efforts. Regarding the ...
6 months ago Techrepublic.com
Human error still perceived as the Achilles' heel of cybersecurity - While fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. CISOs' confidence is ...
6 months ago Helpnetsecurity.com
How the Evolving Role of the CISO Impacts Cybersecurity Startups - It helps startups striving to meet the ever-evolving needs of CISOs, who are simultaneously seeking the elusive but paramount buy-in from business users and executives. The CISO role has evolved dramatically in the past few years in response to ...
1 year ago Darkreading.com
Security tools fail to translate risks for executives - Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, ...
7 months ago Helpnetsecurity.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
9 months ago Darkreading.com
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
11 months ago Cybersecurity-insiders.com
Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships - In a recent survey of CISOs, 86% of respondents said the role has changed so much that it's almost become a different job altogether from what it once was. In addition to their traditional responsibility of defending organizations from an ...
1 year ago Darkreading.com
Navigating the New Age of Cybersecurity Enforcement - Many equate this move as akin to a bomb going off for people working in the CISO role. CISOs are now faced with unprecedented potential liability risks, prompting the need for a proactive approach to legal exposure for security executives. To shed ...
11 months ago Darkreading.com
CISOs Reconsider Their Roles in Response to GenAI Integration - Chief information security officers face mounting pressure as cyberattacks surge and complexities surrounding the implementation of GenAI and AI technologies emerge. The vast majority - 92% - of the 500 CISOs surveyed by Trellix admitted they are ...
7 months ago Securityboulevard.com
What CISOs Need to Know About Data Privacy in 2024 - While consumers continue to demand stronger personal data protections, companies are scrambling to keep track of an ever-evolving patchwork of applicable laws and regulations. In this environment, cybersecurity professionals need to understand the ...
11 months ago Cybersecurity-insiders.com
Why CISOs and CIOs Should Work Together More Closely - Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites. A ...
1 year ago Feedpress.me
How to Minimize Friction in the Cyber Compliance Certification - Certification has always been a great way for companies to establish trust with their customers. While there's certainly an argument to be made that certification doesn't necessarily make your company more secure, today's buyers need to know that ...
1 year ago Cybersecuritynews.com
How CISOs Can Secure High-Level Executives: Keys to Consider - Securing high-level executives is a difficult task for CISOs for a number of reasons. Executives often have access to a large amount of sensitive data and play a critical role in an organization’s success, so protecting them from cyber threats is ...
1 year ago Csoonline.com
CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs' Evolving Role - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing ...
10 months ago Darkreading.com
CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed - PRESS RELEASE. SANTA CLARA, Calif., June 25, 2024 /PRNewswire/ - Netskope, a leader in Secure Access Service Edge, today published new global research that finds that shifts in the cyber threats landscape have changed the way today's Chief ...
5 months ago Darkreading.com
CISO Planning for 2024 May Struggle When It Comes to AI - This year, it is almost always going to be about artificial intelligence. AI is changing so rapidly, making it difficult for CISOs to figure out their 2024 plans for the technology. Because AI is evolving all the time, concrete plans are often ...
11 months ago Darkreading.com
3 Tips for Becoming the Champion of Your Organization's AI Committee - As organizations get a handle on how AI can benefit their specific offerings, and while they try to ascertain the risks inherent in AI adoption, many forward-thinking companies have already set up dedicated AI stakeholders within their organization ...
7 months ago Darkreading.com
Fewer cybersecurity professionals losing their jobs in breach 'blame' game - Cybersecurity job loss after a major incident is becoming less likely as organizations drop the "Blame" game for more practical approaches to breach prevention, a survey of 500 CISOs shows. More than 95% of CISOs reported their teams received greater ...
1 year ago Scmagazine.com
Top 3 Priorities for CISOs in 2024 - As the new year begins, CISOs gather with their security teams and corporate management to scope out top priorities for 2024 and how to address these issues. This year - with a multitude of new privacy laws, Securities and Exchange Commission ...
11 months ago Darkreading.com
Change From Within: 3 Cybersecurity Transformation Traps for CISOs to Avoid - Whether they're earned or not, there are certain stigmas associated with chief information security officers: They work in isolation, with only a vague sense of how various departments contribute to the organization's greater good. Does this describe ...
1 year ago Darkreading.com
The CISO Role Is Changing. Can CISOs Themselves Keep Up? - The role of chief information security officer has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more hats, and communicate effectively with board members, employees, ...
9 months ago Darkreading.com
What Do CISOs Have to Do to Meet New SEC Regulations? - Ilona Cohen, Chief Legal and Policy Officer, HackerOne: It is never an easy time to be a chief information security officer, but the past few months have felt particularly challenging. The recent charges from the US Security and Exchange Commission ...
1 year ago Darkreading.com
CISOs See Software Supply Chain Security As Bigger Blind Spot Than GenAI: Cycode - PRESS RELEASE. SAN FRANCISCO, Dec. 06, 2023 - Cycode, the leader in Application Security Posture Management, today announced the inaugural State of ASPM 2024 report, the industry's first. The research found that AppSec chaos reigns, with 78% of CISOs ...
1 year ago Darkreading.com
CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector - All three are CISOs in one of the world's most attacked sectors: healthcare. All three of our CISOs entered cybersecurity via IT. Dougherty had led the creation of an MSP where he became VP operations. This is a recurring theme in this series of CISO ...
1 year ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)