The rapid adoption of digitization for online and mobile services has created unforeseen security risks, said nearly 90% of the 300 cybersecurity leaders surveyed worldwide in a new report.
Released Wednesday, API security firm Salt Security’s “State of the CISO 2023” shows that the unknown security risks posed by everything from mobile banking to digital payment systems to online healthcare are leading security professionals to fear being held personally responsible for security failures, in the aftermath of the conviction of Joseph Sullivan, formerly of Uber, for covering up a 2016 data breach.
Nearly all chief security officers (CSOs) and chief information security officers (CISOs) — 99% — said they face personal challenges from the rapid digital transformation, with fear of personal litigation stemming from breaches topping the list of personal challenges at 48%, followed by increased risk and personal liability at 45%.
“With several high-profile CISO lawsuits making waves recently, the trend of security leaders opting for roles below CISO level, or requesting indemnification, is growing — they are fearful of being found personally liable in the event of a breach, which could put their own livelihood at risk,” wrote Michelle McLean, Salt’s vice president of marketing, on the firm’s blog.
Security leaders from the healthcare and financial industries agreed the most about unforeseen security risks from rapid digitization, with 47% of healthcare respondents and 43% of financial services respondents saying they “very much agree.”
With application programming interfaces (APIs) connecting digital services and leading to security control gaps, 77% of respondents acknowledged that APIs are already a higher priority today than two years ago, and 95% said their organizations have made API security a planned priority over the next two years.
As noted in the report, supply chain and third-party vendors were the biggest security control gap for CISOs in their digital initiatives at 38%, followed by API adoption at 37% and cloud adoption at 35%.
“As the delivery mechanism for sharing data across digital services and applications, APIs represent the key component of digital transformation. APIs also play a particularly critical role in CISOs’ first and third concerns – supply chain/third-party vendors and cloud adoption. Because those services rely on APIs to run, organizations may be seeing a ‘double impact’ of the need for API security,” the report continued.
In addition to personal liability fears, cybersecurity leaders said the speed at which artificial intelligence is being adopted is having the most impact on their roles, with 94% of respondents saying AI adoption is the macro dynamic having the greatest impact on their role, followed by macro-economic uncertainty (92%) and the geo-political climate (91%).