A survey of ClubCISO members has found that global organizations are becoming more resilient to cyber compromise, with over three-quarters (76%) of CISOs reporting no material breaches over the past year.
A total of 182 members of the private members forum were surveyed in order to compile Telstra Purple's tenth annual Information Security Maturity report.
The findings revealed that a majority of these organizations at least are improving their cybersecurity resilience. Last year, 68% said they’d suffered no material breaches.
Additionally, 60% of responding CISOs said that no material cybersecurity incident had occurred in the past 12 months.
One positive influencing factor could be improvements to security culture. Although it’s notoriously difficult to measure, 80% of respondents said their organization’s security culture had improved to some degree over the past year.
The biggest drivers cited were leadership endorsement (80%), proactive “report it” no-blame policies (41%), simulated phishing (38%) and tailored training (37%).
Advisory board member, Jessica Barker, acknowledged the importance of executive buy-in.
“Cybersecurity has been rising up on the corporate agenda for a few years now, but this stronger alignment between security teams and senior leadership is very encouraging progress,” she added.
“Without tone and resource from the top, building a healthy security culture will always be more challenging.”
Telstra Purple EMEA boss, Rob Robinson, argued that the findings show CISOs are clearly having a positive influence on culture and people.
“The fact that leadership endorsement is also being highlighted as a critical factor for establishing an effective security posture also recognizes the progress CISOs have made at the very highest levels of business,” he added.
“Strong security is now clearly seen as a key corporate capability and that is in large part due to the voice CISOs have developed at the C-level.”
However, despite the promising headline, just 38% of CISO respondents rated their overall security posture as “above average” versus 46% last year. Also, around 13% said they don’t feel confident that their organization will be able to meet key security objectives – unchanged from 2022.