Dynatrace’s latest CISO survey reveals significant alignment issues between Australian security teams and the C-suite, exposing organisations to heightened cyber risk. According to the report, 89% of CISOs indicate that application security remains a blind spot, and the rise of AI-driven attacks coupled with accelerated software delivery cycles is complicating efforts to protect organisations.
Released on May 6, 2024, the report titled The State of Application Security in 2024 highlights that Australian organisations are struggling with internal communication barriers, which impede their ability to address cybersecurity threats effectively. The findings suggest that CISOs face challenges in aligning security teams with the C-suite, resulting in gaps in the organisation’s understanding of cyber risk and increased vulnerability to advanced cyber threats, particularly as AI-driven attacks become more prevalent.
Key Findings:
- Lack of C-level and Board Alignment Leads to Cyber Risks: CISOs struggle to align security teams with the C-suite, with 89% of CISOs stating that application security is a blind spot at the CEO and board level.
- Security Teams Are Too Technical: Seven out of ten C-suite executives report that security teams communicate in overly technical terms without providing business context. Meanwhile, 76% of CISOs attribute this issue to security tools that fail to generate insights comprehensible to C-level executives and boards of directors.
- AI is Driving More Advanced Cyber Threats: Addressing the technology and communication gap is becoming increasingly critical as AI-driven attacks and cyber threats significantly elevate business risk.
Nearly three-quarters (72%) of CISOs report that their organisation has experienced an application security incident in the past two years. These incidents carry significant risks, with CISOs noting common consequences such as impacted revenue (43%), regulatory fines (36%), and lost market share (32%).
“Cybersecurity incidents can have devastating consequences for organisations and their customers, so the issue has rightfully become a critical board-level concern,” said Dynatrace CTO Bernd Greifeneder. “However, many CISOs are struggling to drive alignment between security teams and senior executives because they’re unable to elevate the conversation from bits and bytes to specific business risks. CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimise their risk exposure.”
The need for closer engagement between security teams and the C-suite is becoming more pressing as AI exposes organisations to additional risks. CISOs are particularly concerned about AI’s potential to enable cybercriminals to create new exploits faster and execute them on a broader scale (52%). They are also worried about AI’s potential to allow developers to accelerate software delivery with less oversight, leading to more vulnerabilities (45%). In response, 85% of CISOs believe that DevSecOps automation is crucial for managing the risk of vulnerabilities introduced by AI. Additionally, 87% of CISOs assert that DevSecOps automation will be essential for staying compliant with emerging regulations.
Furthermore, 77% of CISOs state that current tools such as XDR and SIEM solutions cannot manage cloud complexity, as they lack the intelligence needed to drive automation at scale. An additional 70% of CISOs report that the need for multiple application security tools drives operational inefficiency due to the effort required to make sense of disparate data sources.
“The growing use of AI is a double-edged sword, creating efficiency gains for both digital innovators and those seeking to breach their defences,” said Greifeneder. “On the one hand, there’s a greater risk of developers introducing vulnerabilities through AI-generated code that has not been adequately tested, and on the other hand, cybercriminals can develop more automated and sophisticated attacks to exploit them.”
“Organisations urgently need to modernise their security tools and practices to protect their applications and data from modern, advanced cyber threats. The most effective approaches will be built on a unified platform that drives mature DevSecOps automation and harnesses AI to deal with distributed data at any scale. These platforms will provide the insights the entire business can rally behind and use to demonstrate compliance with stringent regulations.”
