
CISOs say they’re concerned with lawsuits, supply chain and API security in survey

SAN FRANCISCO, CALIFORNIA – MAY 19: In an aerial view, the Uber office at 1725 Third Street is seen on May 19, 2023 in San Francisco, California. (Photo by Justin Sullivan/Getty Images)

The rapid adoption of digitization for online and mobile services has created unforeseen security risks, said nearly 90% of the 300 cybersecurity leaders surveyed worldwide in a new report. 

Released Wednesday, API security firm Salt Security’s “State of the CISO 2023” shows that the unknown security risks posed by everything from mobile banking to digital payment systems to online healthcare are leaving security professionals fearful of being held personally responsible for security failures, in the aftermath of the conviction of Joseph Sullivan, formerly of Uber, for covering up a 2016 data breach.

Nearly all chief security officers (CSOs) and chief information security officers (CISOs) — 99% — said they face personal challenges from the rapid digital transformation, with fear of personal litigation stemming from breaches topping the list of personal challenges at 48%, followed by increased risk and personal liability at 45%.

“With several high-profile CISO lawsuits making waves recently, the trend of security leaders opting for roles below CISO level, or requesting indemnification, is growing — they are fearful of being found personally liable in the event of a breach, which could put their own livelihood at risk,” wrote Michelle McLean, Salt’s vice president of marketing, on the firm’s blog.

Security leaders from the healthcare and financial industries agreed most strongly that rapid digitization has created unforeseen security risks, with 47% of healthcare respondents and 43% of financial services respondents saying they “very much agree.”

With application programming interfaces (APIs) connecting digital services and leading to security control gaps, 77% of respondents acknowledged that APIs are already a higher priority today than they were two years ago, and 95% said their organizations have made API security a planned priority over the next two years.

As noted in the report, supply chain and third-party vendors were the biggest security control gap for CISOs in their digital initiatives at 38%, followed by API adoption at 37% and cloud adoption at 35%.

“As the delivery mechanism for sharing data across digital services and applications, APIs represent the key component of digital transformation. APIs also play a particularly critical role in CISOs’ first and third concerns – supply chain/third-party vendors and cloud adoption. Because those services rely on APIs to run, organizations may be seeing a ‘double impact’ of the need for API security,” the report continued.

In addition to personal liability fears, cybersecurity leaders said the speed at which artificial intelligence is being adopted is having the most impact on their roles, with 94% of respondents saying AI adoption is the macro dynamic having the greatest impact on their role, followed by macro-economic uncertainty (92%) and the geo-political climate (91%).

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
