CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs' Evolving Role

Published: 23/11/2024   Category: security




Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.



Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we'll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.
In this issue:
CISOs Struggle for C-Suite Status Even as Expectations Skyrocket
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too
DR Global: Missing the Cybersecurity Mark With the Essential 8
Your Cybersecurity Budget Is a Horse's Rear End
First Step in Securing AI/ML Tools Is Locating Them
Top 3 Priorities for CISOs in 2024
CISA's Water Sector Guide Puts Incident Response Front & Center
By Jai Vijayan, Dark Reading Contributing Writer
An IANS survey shows that CISOs shoulder more and more legal and regulatory liability for data breaches, but few are getting the recognition or support they need.
CISOs are increasingly being asked to assume the responsibilities of what would normally be considered a C-suite role, but without being regarded or treated as such at many organizations.
An IANS survey found that a full 75% of CISOs are looking for a job change, as expectations for the CISO role have changed dramatically at public and private sector organizations because of new regulations and growing demands for accountability for security breaches.
But while more than 63% of CISOs have a vice president or director-level position, only 20% are at the C-suite level despite having "chief" in their title. In the case of organizations with revenues of more than $1 billion, that number is even smaller, at 15%.
Why most CISOs lack job satisfaction:
CISOs Struggle for C-Suite Status Even as Expectations Skyrocket
Related:
The CISO Role Undergoes a Major Evolution
By Robert Lemos, Dark Reading Contributing Writer
Insurers doubled premiums in late 2021 to offset losses from ransomware claims. With attacks rising again, organizations can anticipate a new round of increases.
Premium costs fell by 6% in the third quarter of 2023 compared with the same quarter in 2022, even as ransomware- and privacy-related claims had already skyrocketed from the previous year.
Kickstarted by the pandemic and ransomware growth, cyber-insurance claims surged from 2020 on, leading to a dramatic increase in policy pricing. But the cyber-insurance industry is only getting bigger, with the value of direct written premiums growing to $5.1 billion in 2023, an increase of 62% year-over-year, according to Fitch Ratings.
Going forward, there are more players, less comprehensive policies (and therefore insurer risk), and greater competition — all resulting in a softening of prices for coverage. Even so, some predict a rise in premium costs in the next 12-18 months.
Find out what to expect:
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too
Related:
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions
Commentary by Arye Zacks, Senior Technical Researcher, Adaptive Shield
Australia's Essential Eight Maturity Model still doesn't address key factors needed to protect today's cloud and SaaS environments.
The Essential Eight, the Aussie government's main cybersecurity risk-management framework for businesses, was established in 2010 and, while updated yearly, it has failed to modernize with the pace of digital transformation: SaaS applications comprise 70% of all software used by businesses, but the phrase "SaaS" appears nowhere in the document.
Specifically, it's missing four key cloud-centric security directives: configuration management, identity security, third-party app integration management, and resource control. This article delves into these omissions and what modern businesses need to incorporate into their cybersecurity frameworks.
Read more here:
Missing the Cybersecurity Mark with the Essential Eight
Related:
Time to Secure Cloud-Native Apps Is Now
Commentary by Ira Winkler, Field CISO & Vice President, CYE
Are historical budget constraints limiting your cybersecurity program? Don't let old saws hold you back. It's time to revisit your budget with revolutionary future needs front of mind.
Inevitably a current security budget is based on the previous year's budget, which is based on the prior budget, which is based on the prior budget, and so on. The current budget may therefore be fundamentally based on a budget from more than a decade ago — in the same way that modern passenger trains might owe a debt to the size of the horse drawing a Roman chariot.
Here's how to break out of that limiting cycle:
Your Cybersecurity Budget Is a Horse's Rear End
Related:
Chertoff Group Affiliate Completes Trustwave Acquisition
By Fahmida Y. Rashid, Managing Editor, Features, Dark Reading
Security teams need to start factoring for these tools when thinking about the software supply chain. After all, they can't protect what they don't know they have.
The growing number of applications incorporating artificial intelligence (AI) capabilities and tools that make it easier to work with machine learning (ML) models have created new software supply chain headaches for organizations, whose security teams now have to assess and manage the risks posed by these AI components.
Plus, security teams are often not informed when these tools are brought into the organization by employees, and the lack of visibility means they aren't able to manage them or protect the data being used.
Here's how to find the AI/ML lurking in the tools and applications being used — even the shadow ones.
Read more here:
First Step in Securing AI/ML Tools Is Locating Them
Related:
AI Gives Defenders the Advantage in Enterprise Defense
By Stephen Lawton, Dark Reading Contributing Writer
A changing regulatory and enforcement environment means the smart CISO might need to shift how they work this year.
As CISOs gather with their security teams and corporate management to scope out top priorities for 2024, the personal and legal responsibility for data breaches the SEC has placed on CISOs could be the most challenging in the new year.
In turn, changes in cyber insurance also affect cyber risk management. When it comes to privacy breaches in 2024, cyber insurance underwriters are expected to harden regulations on how organizations implement security on private data and privileged accounts, including service accounts, which tend to be overprivileged and often have not had their passwords changed in years.
Find out how forward-thinking visionaries are approaching breach risk (and emerging supply chain threats):
Top 3 Priorities for CISOs in 2024
Related:
Is the vCISO Model Right for Your Organization?
By Robert Lemos, Dark Reading Contributing Writer
As cyberattackers increasingly target water suppliers and wastewater utilities, the US federal government wants to help limit the impact of destructive attacks.
Water and wastewater utilities last week received new guidance for improving their response to cyberattacks from the US Cybersecurity and Infrastructure Security Agency (CISA), following a greater number of attacks by nation-state groups and cybercriminals targeting the underserved critical infrastructure.
The document comes as cybersecurity efforts for the water and wastewater sector (WWS) have been hampered by resource constraints. CISA's 27-page guide offers detailed advice for the water utility arena on how to create an effective incident response playbook, given the sector's unique challenges.
Here are the main takeaways:
CISA's Water Sector Guide Puts Incident Response Front & Center
Related:
Move Over, APTs: Cybercriminals Now Target Critical Infrastructure Too
