2018 CISO Investment Blueprint

As we saw in 2017, the number of data breaches and cyber-attacks is not slowing down. What’s more, security leaders are still focused on finding and investing in defensive tools to combat cybercrime. And yet adversaries are getting more innovative and outpacing what those tools are able to defend against.

We no longer live in a time where you need a computer science degree to compromise code. At the same time, the world’s attack surface is getting bigger every day with the adoption of IoT. Traditional application security analysis methods just aren’t cutting it anymore, leaving so many organizations and applications vulnerable.

There is a lot on the mind of a CISO. And clearly, cybersecurity concerns are not going away anytime soon. We are forced to cut through the vendor noise to prioritize the right mix of tools and reduce risk via proven and sustainable approaches – all while demonstrating ROI.

To that end, Bugcrowd surveyed more than 250 security leaders across different industries and regions to find out what they are most concerned about in the year to come. The 2018 CISO Investment Blueprint outlines those concerns and top investment goals for 2018.

Key findings of the report include:

  • The number one application security challenge CISOs are worried about centers on staffing and resourcing. CISOs are employing a multitude of tools and practices to try to safeguard company and customer data.
  • 60.5% of CISOs are planning to focus on public-facing web applications and 45.2% are planning to focus on applications hosted in the public cloud.
  • Crowdsourced security assessment growth continues across industries. According to our survey, more than 30.1% of CISOs plan on implementing vulnerability disclosure programs (VDP) or bug bounty programs in the next year.
  • 63.6% of CISOs believe the most valuable aspect of running VDP or bug bounty is the varied skill sets, skill level and expertise of hackers in the community.
  • The top perceived concern with running a crowdsourced security assessment is fear of unauthorized public disclosure situations.

Bugcrowd helps CISOs and security decision makers combat modern application security challenges. As a CISO, I have always used the strategy of “the best defense is a good offense.” Indeed, Bugcrowd’s managed experience delivers peace of mind and fast, actionable offensive security testing results for program owners. Bugcrowd provides the technical expertise, service consistency, and flexibility across various technologies and geographies. The crowdsourced security assessment model reduces overhead, augments security leaders’ existing teams’ capabilities and improves efficiency by leveraging Bugcrowd’s scale, methodologies, and high level of standardization.

For more on CISO concerns and investment goals, download the 2018 CISO Investment Blueprint Report.

We’re also hosting a live panel “5 Ways to Combat Modern Security Challenges” on March 7 at 11 AM PST to dive into these findings as well as expand on other top security goals and concerns. I will be joined by experts:

  • Geoff Poer, CISO, Chronos
  • Martin Rues, CISO, Outreach.io
  • Maxime Rousseau, CISO, Personal Capital

Register here to participate.