
Increased AI-driven attacks and accelerated software delivery cycles make it harder to protect companies, as 87% of global CISOs say application security is still a blind spot

Dynatrace, a leader in unified observability and security, announces the results of its annual survey of CISOs (Chief Information Security Officers). This year’s “The State of Application Security in 2024” report reveals that companies are facing internal communication barriers, which hamper their ability to deal with cyber threats. The results indicate that CISOs find it difficult to promote alignment between security teams and their companies' C-level executives, leaving gaps in the understanding of cyber risks. As a result, companies find themselves more exposed to advanced cyber threats at a time when Artificial Intelligence (AI)-driven attacks are on the rise.

In this year's report, Dynatrace explored these communication gaps to better understand how a unified approach to observability and security can help teams collaborate more effectively and reduce exposure to risk. The report is available for download at: https://www.dynatrace.com/info/reports/ciso-report-state-of-application-security/

Key findings include: 

– Lack of alignment between C-Level executives and the Board leads to cyber risks: CISOs have difficulty driving alignment between security teams and senior management, with 87% of CISOs (90% in Brazil) stating that application security is a blind spot at the CEO (Chief Executive Officer) and Board level.

– Security teams are very technical: Seven in ten C-Level executives surveyed say security teams speak in technical terms without providing business context. However, 75% of global CISOs (80% of Brazilian leaders) highlight that the problem is rooted in security tools that fail to generate insights that C-Level executives and Boards of Directors can use to understand business risks and prevent threats.

– Artificial Intelligence is driving more advanced cyber threats: Addressing this technology and communications gap is becoming increasingly urgent as the rise in AI-driven cyber attacks and threats significantly elevates business risk.

– Brazilian CISOs rank their companies’ top cybersecurity management priorities in the following order:

1: Crisis management and response (e.g. data breach and media focus),

2: Application security (such as vulnerability management),

3: Oversight of internal risks (such as use of mobile devices), Management of third-party risks (for example, Cloud services or supply chain), and Regulatory compliance, such as HIPAA (Health Insurance Portability and Accountability Act) and PCI DSS (Payment Card Industry Data Security Standard). 

In this context, almost three-quarters of global CISOs say their company has had an application security incident in the last two years. In Brazil, the number goes up to 84%. These incidents carry significant risks, with CISOs around the world highlighting the common consequences they have experienced, including revenue impact (47%), regulatory fines (36%), and loss of market share (28%).

“Cybersecurity incidents can have devastating consequences for companies and their customers, so the issue has become an urgent concern at Board level,” says Bernd Greifeneder, Chief Technology Officer at Dynatrace. “However, many CISOs are struggling to drive alignment between security teams and senior executives because they are unable to elevate the security conversation from bits and bytes to specific business risks. CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimize their exposure to risk.”

Other research findings include: 

– The need to foster closer engagement between security teams and senior management is becoming more important as the rise of Artificial Intelligence exposes companies to additional risk. 52% of global CISOs are concerned about the potential of Artificial Intelligence to allow cybercriminals to create exploits (software or code that aims to take control of computers or steal network data, for example) more quickly and execute them on a wider scale. 45% are also apprehensive about Artificial Intelligence's potential to allow developers to speed up software delivery with less oversight, leading to more vulnerabilities.

– While looking for a solution, 83% of global CISOs (92% of Brazilian leaders) say that DevSecOps automation is most important to manage the risk of vulnerabilities introduced by Artificial Intelligence. Additionally, 71% of CISOs around the world say that DevSecOps automation is critical to ensuring that reasonable steps have been taken to minimize application security risk. In Brazil, however, only 10% of CISOs state that their company has mature DevSecOps automation practices. 

– 77% of global CISOs say current tools such as XDR and SIEM solutions cannot manage Cloud complexity as they lack the intelligence needed to drive automation at scale, and 70% of leaders say the need for multiple application security tools creates operational inefficiency due to the effort required to make sense of disparate data sources.

“The growing use of Artificial Intelligence is a double-edged sword, generating efficiency gains for both digital innovators and those seeking to breach their defenses,” says Greifeneder. “On the one hand, there is a greater risk of developers introducing vulnerabilities through AI-generated code that has not been adequately tested, and on the other, cybercriminals may develop more automated and sophisticated attacks to exploit them. Further worsening the situation, companies must also comply with emerging regulations, which require them to identify and report the impact of attacks within days. Companies urgently need to modernize their security tools and practices to protect their applications and data from modern and advanced cyber threats. The most effective approaches will be built on a unified platform that drives mature DevSecOps automation and leverages Artificial Intelligence to handle distributed data at any scale. These platforms will provide insights that the entire company can lean on and use to demonstrate compliance with strict regulations.”

The report is based on a global survey of 1,300 CISOs and ten interviews with CEOs and CFOs (Chief Financial Officers) in companies with more than 1,000 employees. It was commissioned by Dynatrace and conducted by Coleman Parkes between March and April 2024.
