CISO
We've curated 125 cybersecurity statistics about CISO to help you understand how the role of Chief Information Security Officers is adapting to new threats, technologies, and strategies in 2025.
Two-thirds (66%) of CISOs say they are worried that the cybersecurity threats their organisation is facing are more advanced than their defences, which is significantly more than their C-suite counterparts (56%).
47% of CISOs say their organisation has experienced a cybersecurity incident due to insider threats in the past three years, compared to 31% of the rest of the C-suite.
CISOs (68%) are more likely than the rest of the C-suite (57%) to express concern about senior leaders at their organisation underestimating the dangers of cybersecurity threats.
The rest of the C-suite (77%) is more likely than CISOs (69%) to attribute success in decreased cybersecurity incidents to increased investments in employee cybersecurity training.
18% of CISOs revealed they were unable to support a business initiative because of budget cuts in the last 12 months.
83% of security leaders participate in board meetings "somewhat often" or "most of the time".
51% of CISOs see upskilling or reskilling security employees as a priority, versus 27% of boards.
46% of CISOs said attaining security milestones was indicative of their success, compared to only 19% of board respondents.
82% of security leaders report directly to the CEO in 2024, which is up from 47% in 2023.
59% of CISOs said they would become a whistleblower if their organisation was ignoring compliance requirements.
36% of CISOs consider contributing to revenue growth initiatives a priority compared to 24% of board members.
21% of CISOs revealed they had been pressured not to report a compliance issue.
Cost-saving measures reported by CISOs include reduced security solutions and tools (50%), security hiring freezes (40%), and decreased or eliminated security training (36%).
64% of CISOs reveal that the current threat and regulatory environment makes them concerned they’re not doing enough.
90% of CISOs have ownership of their organization’s security operations, architecture, governance, as well as digital risk and compliance.
70% of CISOs indicated any raises they received were annual merit-based increases, which on average were 6%.
Between 50% and 90% of CISOs identified other elements of business risk, such as disaster recovery, business risk, and third-party risk management, as well as broader security concerns such as product security, as falling under their remit.
Dual CISOs at large organizations earn an average total compensation (including equity) of $1 million, whereas those who only take on partial IT oversight are closer to the average of traditional CISOs who manage none of the IT functions ($653,000).
64% of CISOs said that lack of support led to a cyberattack.
79% of CISOs say KPIs for their security teams have changed substantially over recent years.