Singapore – 90% of organisations were hit with at least one major cyber attack in the last year, with 83% of security leaders having paid ransoms to their attackers during cyberattacks, according to the 2023 global CISO survey by data security and IT software provider Splunk, which covered 350 security leaders in total as respondents.
According to the report, more than half of the respondents paid at least $100,000, and one in 11 paid a staggering $1 million or more.
Specifically, numerous industries experienced ransomware attacks that significantly impacted their systems and business operations, including financial services (59%), retail (59%) and healthcare (52%). The retail industry is the most likely to pay the ransom, with 95% of respondents reporting they either paid directly, through cyber insurance or a third party.
While all regions reported paying the ransom, APAC was more likely to pay $1 million or more as compared to its counterparts, and also suffered the most from disruptive cyber attacks.
Notably, 86% of surveyed chief information security officers (CISOs) believe that generative AI will alleviate skills gaps and talent shortages on the security team, filling labour-intensive and time-consuming security functions and freeing up security professionals to be more strategic. 35% report using generative AI for positive security applications and an additional 61% will likely use it within the next 12 months.
On the other hand, 70% of CISOs also believe generative AI could give cyber adversaries more opportunities to attack, yet 35% are already experimenting with it for cyber defence including malware analysis, workflow automation and risk scoring.
CISOs also overwhelmingly responded that tool sprawl is a major concern, likely adding to existing visibility issues. The majority say they see a need to rein in security analysis and operations tools with solutions like security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat intelligence. CISOs are looking to decrease the number of tools they use and simplify processes with automation.
The report also mentioned that CISOs and organisations are now prioritising cybersecurity, with 47% of organisations now adding CISOs as part of the C-suite, and 93% of respondent CISOs expecting an increase in their cybersecurity budget over the next year. Additionally, 92% of respondents report either a significant or moderate increase in cybersecurity collaboration between security teams, IT and engineering organisations, largely driven by initiatives like digital transformation, cloud native development and a greater emphasis on risk management.
Jason Lee, CISO at Splunk, said, “The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions. These relationships provide CISOs the opportunity to become champions who strengthen an organisation’s security culture and lead teams to become more cross-collaborative and resilient.”
“By communicating key security metrics, CISOs can also guide boards on adopting emerging technologies, such as generative AI, to help improve cyber defence management and prepare for the future,” he added.