In today’s hyper-connected world, cybercrime isn’t just another IT concern. It’s the third largest global economy, set to cost the world a staggering $10.5 trillion annually by 2025. This jaw-dropping forecast isn’t the plot of a cyber-thriller; it’s a reality highlighted by Caitlin Ferreira and colleagues in a 2024 article examining the state of cybercrime research and the evolving challenges facing CISOs.
The Shifting Cyber Battlefield
Cybercriminals now operate seamlessly across borders, leveraging everything from dark web marketplaces to emerging technologies like AI, blockchain, and IoT devices. What’s more, anyone, from citizens and businesses to national infrastructure, can be in their crosshairs at any moment. As the threats evolve, so must our defenses.
The Evolving Role of the CISO: From Technician to Strategist
No longer just the tech expert in the corner office, today’s CISO is expected to be both a strategist and a diplomat. The article describes how CISOs must move beyond technical defense, managing not just cyber risks, but also influencing business strategy and building resilience into every digital dependency. This includes partners, suppliers, and the entire digital ecosystem. In short, CISOs must become orchestrators of trust and leaders of change.
What Is Keeping CISOs Awake at Night?
So, what are the burning issues? According to the research from Ferreira et al., there are four dominant clusters that CISOs need on their radar:
- New Tech, New Risks: Technologies like AI, blockchain, and cryptocurrencies present both defensive opportunities and fresh attack surfaces. Big data’s scale makes everything bigger, threats included.
- Social Engineering & Exploits: The driving forces behind attacks (phishing, identity theft, and fraud) are constantly evolving. Attackers relentlessly seek out both human and technical vulnerabilities.
- The Human Cost: Cybercrime is about more than systems; it’s about victims. The fallout ranges from cyberbullying and malware infections to severe psychological and financial consequences.
- Culture & Awareness: Factors such as employee awareness, day-to-day behaviors, and even organizational culture now dramatically shape the odds of being compromised.
The State of Cybercrime Research
Here’s some good news: interest in cybercrime research is soaring. The article finds that after 2016, publications on cybercrime ramped up sharply, peaking in 2022 and 2023. And while criminology still leads the pack, studies are now coming in from computer science, engineering, law, psychology, and beyond: an encouraging sign that tackling cybercrime requires diverse teams and perspectives.
Perhaps most striking, the United States is the global thought leader in research and citations, followed by the UK, Australia, and India. Major journals like IEEE Access are shaping the debate, but there’s a call for more coverage from top information systems journals, given how fast technology, and the crime it enables, are advancing.
Key Takeaways for Cybersecurity Leaders
Ferreira and co-authors make it clear: as digital threats grow, so does the responsibility of cybersecurity leaders. CISOs are now critical voices at the executive table, driving not just defensive posture but business resilience. To thrive, organizations need to:
- Invest in both technology and people
- Foster a culture of cyber awareness
- Build strategic alliances across the organization and beyond
Staying ahead means not just reacting to today’s threats, but anticipating tomorrow’s challenges: a message that, as highlighted in the research, should resonate in every boardroom and IT war room alike. The modern CISO faces an unprecedented, fast-evolving threat environment that demands continual learning, agile adaptation, and a leadership style that bridges technology, business strategy, and human behavior.
Bridging the Gap: From Research to Operational Reality
The Challenge in Front of CISOs
Ferreira and colleagues highlight the strategic challenges CISOs face today: from emerging technologies to the critical importance of culture and alliances. Their research stresses the need for CISOs to drive resilience across their organizations.
Separately, independent analysis of breaches shows that about 95% are caused by gaps in processes and proactive planning, along with a lack of strategic programs and risk quantification. This gap between understanding the strategy and executing it operationally is where many organizations struggle.
How CISOTERIA Delivers True Resilience
This is why, at CISOTERIA, we focus on helping CISOs translate broad strategic goals into structured, measurable processes. By enabling continuous risk monitoring and fostering proactive planning, we empower leaders to move beyond awareness to achieve true operational resilience in an ever-changing threat landscape.
For Further Reading:
This article is based on: Ferreira, C., Park, A., Kietzmann, J., Demetis, D., Flostrand, A., McCarthy, I., Pitt, L., & Dabirian, A. (2024). “Cybercrime: Understanding the Current State of Literature and Issues Facing CISOs.” IT Professional, IEEE Computer Society. March/April 2024.