According to a survey of 600 US-based CISOs, the salary gap between top and bottom-earning CISOs is widening, with the highest-paid executives receiving salary increases at a rate three times higher than those at the lower levels. Most CISOs earn below $400,000 or above $700,000 annually, with 52% earning less than $400,000 and 20% earning above $700,000. While CISO compensation grew 11% year-on-year, the growth rate has slowed compared to the previous year. The report also highlights that many CISOs are looking for new roles, citing compensation, job progression, and work-life balance as influencing factors.
A Splunk study reveals that most organizations still choose to pay for ransomware attacks, with over half paying more than $100,000. The study also highlights concerns about the potential for generative AI to enable more sophisticated attacks. To enhance cyber resilience, organizations are focusing on cross-functional collaboration and adopting AI for malware analysis and workflow automation. However, there is a need to reduce the number of security tools and upskill security teams to address the evolving threat landscape effectively.
According to a study by Secureworks, the time cyber attackers take to deploy ransomware after gaining initial access to a victim’s environment has dropped to 24 hours. This is a significant decrease from previous years, attributed to the improved detection of pre-ransomware activity and the rise of the ransomware-as-a-service (RaaS) model. Cybercriminals adapt to the changing defensive landscape by completing their attacks faster and resorting to less complex attacks for greater volume. The study also identified vulnerability scanning tools, stolen credentials, and phishing emails as the primary access vectors for ransomware attacks.
The total number of data breaches and leaks in 2023 has already surpassed the numbers from last year, indicating that efforts to combat cyberattacks have not been practical. The increase can be attributed to rising ransomware attacks, zero-day vulnerabilities, and supply chain cyberattacks. While the total number of compromises has increased, the number of victims in 2023 is lower than in 2022. Attacks related to vulnerabilities in the file-transfer tool MOVEit were among the most impactful breaches in the third quarter.
The 2023 Travelers Risk Index highlights that cyber risks remain a top concern for businesses of all sizes and industries. More than half of the participants believe their business will be a cyberattack victim. The most common cyber concerns include unauthorized access to financial accounts, security breaches, and employees putting information/systems at risk. Despite this, many businesses are not adequately prepared, with a significant percentage not implementing basic prevention measures such as firewall/virus protection and data backup.
Why do we care?
I want to highlight how expensive a CISO is for two reasons. First, as they get smaller, most organizations will never be able to afford this, and second, that equals a premium service to be delivered for those who can’t.
And in a world where attacks are up, ransoms are up, and insurance is a gap. And we’re still not doing the basics. Why cybersecurity? All those reasons. Many companies still lack basic cybersecurity measures. MSPs have a critical role to play in implementing these foundational controls as a starting point for broader security strategies.

