As cybersecurity threats continue to intensify and evolve, Chief Information Security Officers (CISOs) are grappling with significant challenges, including rising cyber liability insurance costs, the perceived inadequacy of current security frameworks like Multi-Factor Authentication (MFA), and an overarching sense of job insecurity. The “CISO Perspectives for 2025” survey by Portnox, a leading provider of zero-trust access control solutions, sheds light on these issues, drawing insights from 200 CISOs working in large enterprises across the United States.
Our takeaways follow; get the whole report here.
Job Security: A Major Concern for CISOs
Perhaps the most striking revelation from the Portnox survey is the overwhelming sense of vulnerability among CISOs regarding their job security. According to the findings, nearly every CISO surveyed (99%) expressed concern about potentially losing their job in the event of a breach. Even more alarming, 77% reported feeling “very” or “extremely” concerned about this issue.
This high level of anxiety stems from the increasing frequency of cyberattacks, many of which have led to the termination of senior security officers. These executives are not only tasked with safeguarding their organizations from external threats but are also under immense pressure to ensure a seamless employee experience, often balancing security with productivity. One misstep—particularly one that results in a significant breach—could jeopardize their position.
Cyber Insurance: Uncertainty and Rising Costs
The survey reveals that cyber liability insurance is a pressing issue for CISOs, with many unsure whether their policies adequately cover the rapidly evolving landscape of cybersecurity risks. For example, 58% of the CISOs surveyed expressed uncertainty about their coverage for supply chain attacks, while 57% were similarly unsure about insider threats. These concerns highlight the growing complexity of the cyber insurance market, where policies may not keep pace with the diversity of threats businesses face today.
CISOs frequently evaluate new solutions to lower their cyber liability insurance premiums in response to these uncertainties. According to the survey, 98% of CISOs conduct evaluations of new security technologies, with two-thirds reporting that this happens often or all the time. This regular reassessment underscores the pressure on security leaders to cut costs while addressing the most significant cybersecurity risks.
Zero Trust: Skepticism Despite Growing Investments
Zero Trust Network Access (ZTNA), once hailed as a game-changer in cybersecurity, has not fully lived up to its promise according to the surveyed CISOs. All respondents expressed dissatisfaction with Zero Trust, pointing out that it does not work as well as expected in practice. Many organizations are still in the early stages of adopting Zero Trust; only 10% of companies have fully implemented it, while nearly half (49%) said their organization requires a significant overhaul or major updates to get there.
Despite the skepticism, Network Access Control (NAC), a fundamental aspect of Zero Trust frameworks, remains critical to the security strategies of most CISOs. In fact, over 80% of respondents plan to increase their investment in NAC in the next year. This indicates that while Zero Trust may not be living up to expectations, security leaders still recognize the value of its components, especially in ensuring that only trusted devices and users can access sensitive network resources.
Multi-Factor Authentication: Facing Its Limitations
Multi-Factor Authentication (MFA) has long been viewed as a cornerstone of corporate security strategies, but the Portnox survey reveals that it is increasingly seen as insufficient against today’s threats. All surveyed CISOs agreed that MFA struggles to keep pace with evolving attack methods. This view stems from common issues associated with MFA, such as phishing attacks that bypass authentication steps or insider threats that render the system ineffective.
As a result, 85% of CISOs expressed concerns that MFA might not be enough to protect employees adequately. This sentiment has led many organizations to explore alternatives, including passwordless authentication, which promises to eliminate some of the most glaring vulnerabilities in traditional MFA systems.
Passwordless Authentication: The Future of Cybersecurity?
With password fatigue and other authentication vulnerabilities rising, passwordless authentication is emerging as a promising alternative. Nearly one-third (32%) of surveyed CISOs have already begun implementing passwordless solutions, while another 38% plan to adopt them. The advantages of passwordless authentication are clear: it offers more robust access control, reduces the risk of password-related exploits, and has the potential to improve the overall employee experience by streamlining login procedures.
However, the road to full implementation is fraught with challenges. The survey found that 53% of CISOs are concerned about the risk of employee lockouts from critical systems, while 45% worry about employee resistance to adopting new technologies. Additionally, concerns about the cost and complexity of passwordless systems remain barriers to widespread adoption.
The Compliance Conundrum
Keeping up with regulatory demands is yet another major challenge facing CISOs, especially as new laws like the EU’s NIS2 regulations come into effect. Only 10% of respondents felt fully prepared for NIS2, and a staggering 90% agreed that even the most agile companies cannot keep up with the constant changes in the regulatory environment.
This sentiment reflects the fast-paced nature of cybersecurity regulations, which often require organizations to adapt their systems and processes at short notice. For many security leaders, staying compliant while managing costs and maintaining robust defenses is a difficult balancing act.
Conclusion
The “CISO Perspectives for 2025” report offers a sobering view of the current cybersecurity landscape, where CISOs must navigate an increasingly complex web of challenges. From the limitations of MFA and Zero Trust to the rising costs of cyber liability insurance and the looming specter of job loss, security leaders are under immense pressure to protect their organizations from ever-evolving threats.
At the same time, the survey highlights a few bright spots, such as the growing interest in passwordless authentication and increased investment in NAC. As we head into 2025, these innovations may offer CISOs the tools they need to stay ahead of the curve—if they can overcome the barriers to implementation.
Other News: Think Your CISO is Ready to Run an Incident Response Plan? Think Again, Says Coalition (Opens in a new browser tab).
Other News: Water supplier American Water Works says systems hacked.