< Back to the CISO Survey main page

Introduction

Over the last years, we noticed that application security risks and threats have been on the rise and OWASP has started the CISO survey project to gather intelligence and provide it to CISOs and senior managers in order to improve their security strategies, assess their priorities and learn from their peers about what works best protecting web and application security in organizations across various industries. Although this first data set has already been collected from more than a hundred senior information security managers from around the world, to some degree the current data set was too small to be broken down into country or industry specific findings. Having said that, we found that on an anecdotal level, many of the findings appear to be consistent across a multitude of industries. OWASP will, in the coming year 2014, significantly further improve the breadth and depth of the current CISO survey and conduct it with a much wider audience around the globe.

A number of findings support common assumptions, but others clearly show where assumed general expectations have been oversimplified. The report provides insight into which risks and threats are on the rise, which challenges are most pressing for CISOs and their organizations and what techniques are particularly useful to counter application security risks.