Information security teams have always had to do more with less, but 2023 might be the year when they are able to do more with more. Riding a three-year trend, 70% of CISOs expect their budgets to increase again this year, while 60% also expect more FTEs, according to the CISO Benchmark Report released by the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC).
The annual report surveys cybersecurity leaders from consumer-facing industries to assess data about budgets, personnel, and organizational priorities.
The increase in budget and personnel reflects how cybersecurity has grown as a critical part of business operations in many organizations. This year, business disruption emerged as a top 10 (No. 7) risk that organizations currently face, up seven spots from No. 14 in 2021. Similarly, 50% of CISOs now have business continuity/disaster recovery as part of their core responsibilities, an increase of 11 percentage points since last year.
Surprisingly, although fraud in its many forms greatly impacts the bottom line, and continues to be a top risk for organizations, very few CISOs have fraud as part of their core responsibilities, according to the report.
New this year is an additional benchmark report from RH-ISAC that surveys cybersecurity practitioners to understand the challenges and priorities staff have in executing daily job functions.
Key insights from the Practitioner Benchmark Report include:
- 83% serve more than one job function, which means that employees have a valuable and diverse skill set across security operations (76%), threat intelligence (66%), and risk management (66%)
- 93% believe they have the necessary skill sets to perform their job effectively
“The retail and hospitality industries are constantly evolving, and so are the cybersecurity challenges they face,” said Suzie Squier, president of RH-ISAC. “The RH-ISAC Benchmark Reports provide valuable insights and actionable information for CISOs and other information security professionals to stay informed about trends and resource allocation among infosec teams.”
The companies represented in the surveys include retail, restaurants, hospitality, travel, and consumer packaged goods/manufacturing companies, and reflect more than 718,000 total locations, 3.4 million corporate employees, and $2.3 trillion in annual sales.
The full reports are available to RH-ISAC members, and summary versions of each report are available to download:
- CISO Benchmark Report
- Practitioner Benchmark Report