Six Critical Security Gaps Every CISO Must Address

Bottom line: CISOs must shift their perspective from IT protection to business resilience and align the pace of their security measures with threat actors and business development.

A Proofpoint survey shows that one third of CISOs do not see their data as adequately protected, and 58 percent feel unprepared for cyberattacks. Security gaps emerge in six critical areas requiring immediate attention.

The figures from the Proofpoint 2025 Voice of the CISO Report are sobering: 33 percent of surveyed CISOs admit that their organizational data is not adequately protected. 58 percent feel unprepared to respond to cyberattacks. Only 67 percent see sufficient budgets, personnel and tools provided for their cybersecurity objectives.

A first critical gap is the perception gap: many CISOs understand their role as IT system protection, when it should be about business resilience. As Errol Weiss, Chief Security Officer at Health-ISAC, explains, too many CISOs still think from an IT perspective rather than a business perspective. They prioritize system protection at all costs instead of considering the business impact of outages. Business continuity often falls under other responsibilities but belongs within the security mandate. The 2024 Change Healthcare attack and its impact on the entire healthcare industry demonstrate the consequence of this perspective gap.

The second gap is the speed gap between threat actors and security teams. Cisco Talos characterizes the 2025 threat landscape as one of unprecedented acceleration in the exploitation of vulnerabilities: attackers pick up new flaws such as React2Shell or ToolShell immediately after their disclosure. Security teams are not keeping pace with this speed, says Buck Bell, Director of Security Strategy at CDW. Many programs still employ static measures in a world that requires real-time adaptation. Monthly penetration tests and Patch Tuesdays are relics of an earlier era. CISOs close this gap through AI, automation and Continuous Threat Exposure Management (CTEM).

The third gap concerns synchronization with business speed: CISOs must keep pace with the speed of their organization, not work against it. PwC states in its 2026 CISO Outlook that the CISO role is at an inflection point—leadership is expected at the pace of change, while AI and new threats accelerate. Additional critical gaps emerge in the areas of automation, personnel development and strategic alignment of security objectives with enterprise risk.


Source: www.csoonline.com · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.