Two-thirds (66%) of CISOs say they are worried that the cybersecurity threats their organisation is facing are more advanced than their defences, which is significantly more than their C-suite counterparts (56%).

47% of CISOs say their organisation has experienced a cybersecurity incident due to inside threats in the past three years, compared to the rest of the C-suite (31%).

68% of CISOs are more likely than the rest of the C-suite (57%) to express concern about senior leaders at their organisation underestimating the dangers of cybersecurity threats.

The rest of the C-suite (77%) is more likely than CISOs (69%) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.

79% of CISOs say KPIs for their security teams have changed substantially over recent years.

Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%).

82% of security leaders report directly to the CEO in 2024, which is up from 47% in 2023.

Only 47% of CISOs engage with their boards on a monthly or quarterly basis, and 42% meet with their boards on an ad hoc basis, if at all.

51% of CISOs see upskilling or reskilling security employees as a priority, versus 27% of boards.

36% of CISOs consider contributing to revenue growth initiatives a priority compared to 24% of board members.

46% of CISOs said attaining security milestones was indicative of their success, compared to only 19% of board respondents.

18% of CISOs revealed they were unable to support a business initiative because of budget cuts in the last 12 months.

59% of CISOs said they would become a whistleblower if their organisation was ignoring compliance requirements.

90% of CISOs have ownership of their organization’s security operations, architecture, governance, as well as digital risk and compliance.

64% of CISOs said that lack of support led to a cyberattack.

21% of CISOs revealed they had been pressured not to report a compliance issue.

83% of security leaders participate in board meetings "somewhat often" or "most of the time".

64% of CISOs reveal that the current threat and regulatory environment make them concerned they’re not doing enough.

Between 50% and 90% of CISOs identified other elements of business risk, such as disaster recovery, business risk, and third-party risk management, as well as broader security concerns such as product security, as falling under their remit.

70% of CISOs indicated any raises they received were annual merit-based increases, which on average were 6%.