A report from Ernst & Young LLP analyzed the current threat landscape and a disconnect within the c-suite. The study found that 66% of CISOs say they are worried that the cybersecurity threats their organization is facing are more advanced than their defenses, which is significantly more than their C-suite counterparts (56%).

Comparing the responses of CISOs to their C-suite counterparts reveals worrying divides. For example, CISOs are more likely than the rest of the C-suite to express concern about senior leaders at their organization underestimating the dangers of cybersecurity threats (68% vs. 57%), highlighting a lingering vulnerability due to a lack of understanding by C-suites of the downside risks.

The survey also found a divide between CISOs and the rest of the C-suite on the origin of cybersecurity incidents and the threat actors responsible. CISOs (57%) are more likely than the rest of the C-suite (47%) to say their organization has experienced a cybersecurity incident due to cybercriminals in the past three years. Conversely, more CISOs (47%) say their organization has experienced a cybersecurity incident due to inside threats (i.e., employees intentionally stealing or leaking private information) in the past three years, compared to the rest of the C-suite (31%). This gap in understanding about the historic source of incidents is problematic for building defenses against future threats.

Another concerning disconnect is that CISOs are the most likely to attribute decreased cyber incidents to investment in artificial intelligence (AI). In fact, 75% of CISOs say their organization experienced a decrease in cybersecurity incidents following increased investment in AI, compared to the rest of the C-suite (68%). By contrast, the rest of the C-suite (77%) is more likely than CISOs (69%) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.

While 21% of C-suite leaders say their organization currently invests more than 10% of their IT budget (which cybersecurity falls under) in cybersecurity, this number is expected to roughly double to 38% next year.

Read the report.