Fastly Research Reveals 93% of Organizations Working to Reduce CISO Liability Risk
Fastly (NYSE: FSLY) has released research showing that 93% of organizations implemented policy changes in the past year to address rising CISO liability concerns. 41% of companies increased CISO participation in board-level strategic decisions.
The changes come in response to new SEC regulations on cybersecurity risk management and increased focus on corporate accountability for data breaches. Key measures include:
- 38% increased scrutiny of security disclosure documentation
- 38% improved legal support for cybersecurity staff, including liability insurance
- Increased resource allocation to security
The research also revealed that 46% of organizations are unclear about ultimate cybersecurity incident responsibility, while only 36% have clearly defined roles and responsibilities within their teams. Fastly's CISO Marshall Erwin emphasizes the need for better regulatory standards and viewing accountability as a positive force for security improvement rather than just a legal shield.
Fastly (NYSE: FSLY) ha pubblicato una ricerca che mostra che il 93% delle organizzazioni ha implementato cambiamenti di policy nell'ultimo anno per affrontare le crescenti preoccupazioni sulla responsabilità dei CISO. Il 41% delle aziende ha aumentato la partecipazione dei CISO nelle decisioni strategiche a livello di consiglio.
I cambiamenti sono stati introdotti in risposta alle nuove normative della SEC sulla gestione del rischio informatico e a un maggiore focus sulla responsabilità aziendale per le violazioni dei dati. Le misure chiave includono:
- 38% ha aumentato il controllo sulla documentazione delle divulgazioni di sicurezza
- 38% ha migliorato il supporto legale per il personale di cybersecurity, incluso l'assicurazione di responsabilità
- Aumento dell'allocazione di risorse per la sicurezza
La ricerca ha anche rivelato che il 46% delle organizzazioni non è chiaro riguardo alla responsabilità finale in caso di incidenti di cybersecurity, mentre solo il 36% ha ruoli e responsabilità chiaramente definiti all'interno dei propri team. Marshall Erwin, CISO di Fastly, sottolinea la necessità di migliori standard normativi e di considerare la responsabilità come una forza positiva per il miglioramento della sicurezza piuttosto che solo come una protezione legale.
Fastly (NYSE: FSLY) ha publicado una investigación que muestra que el 93% de las organizaciones implementó cambios en las políticas en el último año para abordar las crecientes preocupaciones sobre la responsabilidad de los CISO. El 41% de las empresas aumentó la participación de los CISO en decisiones estratégicas a nivel de junta.
Los cambios se han realizado en respuesta a las nuevas regulaciones de la SEC sobre la gestión del riesgo cibernético y un mayor enfoque en la responsabilidad corporativa por las violaciones de datos. Las medidas clave incluyen:
- 38% aumentó el escrutinio de la documentación de divulgación de seguridad
- 38% mejoró el apoyo legal para el personal de ciberseguridad, incluida la seguro de responsabilidad
- Aumento de la asignación de recursos a la seguridad
La investigación también reveló que el 46% de las organizaciones no tiene claro quién es el responsable final de los incidentes de ciberseguridad, mientras que solo el 36% tiene roles y responsabilidades claramente definidos dentro de sus equipos. Marshall Erwin, CISO de Fastly, enfatiza la necesidad de mejores estándares regulatorios y de ver la responsabilidad como una fuerza positiva para la mejora de la seguridad en lugar de solo un escudo legal.
패스트리(Fastly, NYSE: FSLY)는 93%의 조직이 CISO의 책임 증가에 대응하여 정책 변경을 시행했다는 연구 결과를 발표했습니다. 41%의 기업이 이사회 수준의 전략적 결정에 CISO의 참여를 증가시켰습니다.
이러한 변화는 사이버 보안 위험 관리에 대한 새로운 SEC 규정과 데이터 유출에 대한 기업의 책임 증가에 대응하여 이루어졌습니다. 주요 조치에는 다음이 포함됩니다:
- 38%가 보안 공시 문서에 대한 검토를 강화했습니다
- 38%가 사이버 보안 직원에 대한 법적 지원을 개선했으며, 책임 보험을 포함합니다
- 보안에 대한 자원 배분 증가
연구 결과, 46%의 조직이 궁극적인 사이버 보안 사고 책임에 대해 명확하지 않다고 밝혔으며, 36%만이 팀 내에서 명확하게 정의된 역할과 책임을 가지고 있다고 합니다. 패스트리의 CISO인 마샬 어윈(Marshall Erwin)은 더 나은 규제 기준의 필요성과 책임을 단순한 법적 방패가 아닌 보안 개선을 위한 긍정적인 힘으로 보는 것의 중요성을 강조합니다.
Fastly (NYSE: FSLY) a publié une recherche montrant que 93% des organisations ont mis en œuvre des changements de politique au cours de l'année écoulée pour répondre aux préoccupations croissantes concernant la responsabilité des CISO. 41% des entreprises ont augmenté la participation des CISO dans les décisions stratégiques au niveau du conseil.
Ces changements surviennent en réponse aux nouvelles réglementations de la SEC sur la gestion des risques en cybersécurité et à un accent accru sur la responsabilité des entreprises en cas de violation de données. Les mesures clés comprennent :
- 38% ont renforcé l'examen de la documentation de divulgation de sécurité
- 38% ont amélioré le soutien juridique pour le personnel de cybersécurité, y compris l'assurance responsabilité
- Augmentation de l'allocation de ressources à la sécurité
La recherche a également révélé que 46% des organisations ne sont pas claires sur la responsabilité ultime en cas d'incident de cybersécurité, tandis que seulement 36% ont des rôles et des responsabilités clairement définis au sein de leurs équipes. Marshall Erwin, CISO de Fastly, souligne la nécessité de meilleures normes réglementaires et de considérer la responsabilité comme une force positive pour l'amélioration de la sécurité plutôt que comme un simple bouclier juridique.
Fastly (NYSE: FSLY) hat eine Forschung veröffentlicht, die zeigt, dass 93% der Organisationen im vergangenen Jahr Richtlinienänderungen umgesetzt haben, um den steigenden Haftungsbedenken der CISO Rechnung zu tragen. 41% der Unternehmen haben die Beteiligung der CISO an strategischen Entscheidungen auf Vorstandsebene erhöht.
Die Änderungen erfolgen als Reaktion auf neue SEC-Vorschriften zum Management von Cyberrisiken und einem verstärkten Fokus auf die Unternehmensverantwortung bei Datenverletzungen. Zu den wichtigsten Maßnahmen gehören:
- 38% haben die Überprüfung der Sicherheitsoffenlegungsdokumentation erhöht
- 38% haben die rechtliche Unterstützung für Cybersecurity-Mitarbeiter verbessert, einschließlich Haftpflichtversicherung
- Erhöhte Ressourcenallokation für die Sicherheit
Die Forschung ergab auch, dass 46% der Organisationen unklar über die letztendliche Verantwortung für Cybersecurity-Vorfälle sind, während nur 36% klar definierte Rollen und Verantwortlichkeiten innerhalb ihrer Teams haben. Marshall Erwin, CISO von Fastly, betont die Notwendigkeit besserer regulatorischer Standards und die Verantwortung als positive Kraft für die Verbesserung der Sicherheit zu betrachten, anstatt nur als rechtlichen Schutz.
- Strong market positioning in cybersecurity governance research
- Company leading industry dialogue on critical CISO liability issues
- None.
Increasing CISO involvement in strategic decisions at the board level and improving legal support for cybersecurity staff among the corporate policy changes
Marshall Erwin, Chief Information Security Officer at Fastly (Photo: Business Wire)
In late 2023, newly adopted regulations such as the SEC rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies as well as other headlines have put an increased focus on corporate accountability for data breaches, raising an increased concern of CISO liability. To reduce this risk,
“It’s encouraging to see the vast majority of companies making changes to liability disclosure given the inevitability of another worldwide outage that will put CISO accountability back into the spotlight. However, while investing in legal protection is an important step, this change is often more about shielding organizations from legal risk rather than fostering meaningful accountability to drive better security practices,” says Fastly CISO, Marshall Erwin. “Proper accountability requires moving beyond liability insurance and disclosure edits. For meaningful change, we need to view accountability as a positive force to incentivize better security. For that, we need better, clearer standards from regulators and enforcers that distinguish between unavoidable incidents and avoidable ones resulting from truly deficient security practices.”
Shared responsibility, not a single point of failure
Fastly’s research also found that nearly half (
Marshall Erwin added, “CISOs do not make the final call on every decision. When it comes to security risks, the question a board should be asking is, ‘Are we aligning the budget to address the risks the CISO has communicated to us?’ This is where accountability should start - at the senior leadership level, with clear communication and alignment of resources.”
This responsibility doesn’t just fall on one person - it requires clear communication at every level of the organisation to understand how and why cybersecurity risks should be mitigated and how efforts should be aligned to reduce exposure.
Creating better standards
The report underscores the need for the industry to prepare for the next high-profile incident with stronger frameworks for accountability that incentivise meaningful actions, rather than just compliance measures. As regulatory standards continue to evolve, organizations should recognize that CISO liability is not a threat but an opportunity to solidify security postures and drive long-term change across organisations.
About the research
This research surveyed 1,800 key IT decision makers with an influence in cybersecurity, in large organizations spanning multiple industries across North, Central and
To access the full set of data and understand how businesses are consolidating tools and changing their spending habits in the wake of high-profile cybersecurity incidents, visit here.
About Fastly, Inc.
Fastly’s powerful and programmable edge cloud platform helps the world’s top brands deliver online experiences that are fast, safe, and engaging through edge compute, delivery, security, and observability offerings that improve site performance, enhance security, and empower innovation at global scale. Compared to other providers, Fastly’s powerful, high-performance, and modern platform architecture empowers developers to deliver secure websites and apps with rapid time-to-market and demonstrated, industry-leading cost savings. Organizations around the world trust Fastly to help them upgrade the internet experience, including Reddit, Neiman Marcus, Universal Music Group, and SeatGeek. Learn more about Fastly at https://www.fastly.com, and follow us @fastly.
Source: Fastly, Inc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250304871727/en/
Media Contact
Alex Klepel
press@fastly.com
Investor Contact
Vernon Essi, Jr.
ir@fastly.com
Source: Fastly, Inc.
FAQ
What percentage of companies changed policies to address CISO liability risk according to Fastly's research?
How many FSLY survey respondents increased CISO participation in board-level decisions?
What specific measures did companies take to protect their cybersecurity staff according to Fastly's study?
What percentage of organizations have clearly defined cybersecurity roles according to FSLY's research?
How many companies are unclear about cybersecurity incident responsibility in Fastly's study?
