Supply Chain and APIs Top Security Concerns, CISO Survey Shows

Written by

A recent chief information security officers (CISO) survey has shown that supply chain and application programming interfaces (APIs) have emerged as the primary security concerns.

Commissioned by API security firm Salt Security and conducted by Global Surveyz, the research gathered feedback from 300 CISOs/CSOs worldwide.

The findings indicate that 89% of CISOs are grappling with unforeseen risks arising from the rapid deployment of digital services, which threaten the security of critical business data.

“As organizations accelerate their digital transformation efforts, they naturally increase the use of APIs in many areas of business and AI. So it’s promising to see that their API security efforts are finally moving upward,” commented Anton Chuvakin, security advisor at Office of the CISO, Google Cloud.

Read more on API and AI: Google Launches Framework to Secure Generative AI

In particular, the report highlights several key concerns, including personal liability and litigation resulting from security breaches, with 48% of CISOs citing this as a significant challenge.

The survey also reveals that the increasing adoption of artificial intelligence (AI) is significantly impacting the role of CISOs, with 94% stating that AI adoption has the most significant macro-dynamic influence.

Additionally, 95% of CISOs plan to prioritize API security in the next two years, a 12% increase compared with that priority two years ago.

“CISOs are becoming more involved at the business level, and in a macroeconomic environment where a lot of change is expected, it will be even more important to be aligned with business objectives,” explained Guillaume Ross, Deputy CISO at JupiterOne.

“It is expected that more of them will report to CEOs than ever before.”

The report further reveals the top security challenges faced by CISOs, such as a lack of qualified cybersecurity talent (40%), inadequate software adoption (36%) and difficulties justifying security investments (34%).

As previously mentioned, supply chain/third-party vendors (38%) and API adoption (37%) were identified as the top security control gaps resulting from digital initiatives.

CISOs also expressed personal concerns regarding expanded responsibilities and job-related stress.

However, on a positive note, 96% of respondents reported that their boards of directors are knowledgeable about cybersecurity issues.

The Salt Security survey comes a few months after the company released a report suggesting attacks targeting APIs increased 400% in the last few months.

What’s hot on Infosecurity Magazine?