February 27, 2023

The 3 Questions CISOs Should Focus on in 2023

From Continuing to Secure a Remote Workforce to Executing Human Risk Management, CISOs have a lot on their minds.

Rising cyber attacks continued to plague enterprises across all industries in 2022. Approximately 236.1 million ransomware attacks were reported in the first half of the year alone. As we kick off 2023, there is no doubt that cybersecurity will be top of mind for all CISOs. A recent Gartner survey found that 66% of respondents plan to increase spending on cybersecurity this coming year. However, where those funds go can make all the difference in truly keeping an enterprise secure from attacks. Below I’ve laid out three questions that CISOs should focus on answering in 2023.

  1. What are you doing to secure your remote workforce? It’s expected that at least 25% of the American professional workforce will be fully remote by the end of 2023. That percentage only increases globally, and so do the cybersecurity risks that come with it. The pandemic caught a lot of security leaders by surprise, leaving them scrambling to tighten network controls and access to digital devices and accounts. Bad actors took note, and ransomware and other cyber attacks rose to an alarming level. If they haven’t done so already, security leaders need to take a hard look at remote work cybersecurity policies. Evaluate which employees have access to certain information, limit access to only those who need it, and provide education and additional security awareness training emphasizing the importance of securing both professional and personal accounts.

  2. How are you making security a part of everyone’s job? Creating a security culture among employees is one of the fastest ways to create a human firewall within your organization. This begins with education and awareness on all levels, from the C-suite down, to make sure that every team member knows what security policies and controls exist and what threats they are likely to come across. All employees should be receiving regular phishing education, testing and further touch points to keep cybersecurity top of mind at all times.

  3. How are you engaging the C-suite and Board to get your initiatives in place? It’s no secret that budgets are going to be tight in 2023, and that will extend to cybersecurity. A recent C-Suite Outlook survey of 750 CEOs found that 43.3% expected a recession by the end of 2022. CISOs and other security leaders will need to have tight plans in place to demonstrate the importance of their initiatives. A good place to start is with the C-suite themselves. According to Forbes, 84% of C-level executives say they’ve been targeted by at least one cyberattack in the last year, with phishing being the most common. At your next board meeting, present answers to the following: Where are we not already sufficiently protected, and how can we change that quickly and cost-effectively?

The answer to all of the above lies in planning and executing a solid Human Risk Management plan. In a world where more than 82% of breaches are caused by human error, software alone cannot sufficiently protect any organization. Human risk management calls for a change in the narrative that portrays your employees as your biggest security threat. It asks you to instead view your team as your biggest strength, and to believe that with the right awareness, training and support, they can champion your security. Answering the above will put security leaders on the path to identifying the largest risks inside their organizations, and on a path to a more secure 2023.

Explore how Unify, Living Security's Human Risk Management platform, can help you with your top three by visiting our Insights Hub.