Do you think your org’s likely to increase funding for security awareness and training next year?

Awareness & TrainingRisk Management

Very likely19%

Likely52%

Unlikely19%

Very unlikely9%

Unsure

109 PARTICIPANTS
1.2k viewscircle icon2 Comments
Sort by:
CISO in Energy and Utilitiesa year ago

I'll be hiring two people this year and possibly a third next year. Awareness training is really well received across the enterprise and should be a important part of everyones overall program. Sometimes our users/customers are the first, last and only line of defense... 

Cyber risk / cyber insurance professional, CMO in Softwarea year ago

Several regulations and insurance require cybersecurity awareness training and it's a good thing. 
It's often reported that phishing training does not work but you have to think about it the other way. What if no training at all was done, then the rate of cyber incidents would be much higher. 

Content you might like

AI deepfakes have cost the industry over $200M this year. As CISOs, can we scale detection fast enough, or is regulatory pressure the only way to drive adoption?

Read More Comments

Is cybersecurity policy governance centralized at your org?

Yes69%

No, but we’re working on this26%

No4%

Unsure1%

View Results

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

Non-human identities (NHIs), such as API keys, service accounts, and tokens, outnumber humans by 25 to 50 times and often go ungoverned. From Entro’s 2025 report:
• 90% have excessive permissions
• 44% are exposed in the wild
• 91% of stale secrets are never revoked

What helped us: inventory, assign owners, right-size access, monitor behavior, and test continuously.

How mature is your NHI program? Biggest barrier, tooling, ownership, or adoption?

In response to Microsoft's Sharepoint vulnerability, will you push for stricter contract terms from vendors regarding "zero day" attack response times, transparency, and customer notification?

Yes, will try to add SLAs around zero day attacks14%

Maybe, waiting to see how this incident resolves86%

No, current contract terms are adequate

View Results