PORTNOX SURVEY

2025 CISO Perspectives Report Data

To access a full analysis of the results, click here.

How does your organization approach cybersecurity with regards to the employee experience?

  • We try to balance employee experience with security as much as possible

    0%

  • Security is the priority and employee experience is a secondary consideration

    0%

What complaints do employees have about your organization's security measures?

  • It interferes with or slows their work

    0%

  • Password changes are too frequent

    0%

  • It takes too long to get a resolution to issues

    0%

  • They’re not adequately trained on how to use them

    0%

  • They are difficult to understand

    0%

  • They use tedious processes

    0%

  • Other

    0%

  • Employees do not complain about security measures

    0%

How concerned are you about a cyber-attack breaching your organization's security defenses?

  • Extremely concerned

    0%

  • Very concerned

    0%

  • Somewhat concerned

    0%

  • Not very concerned

    0%

  • Not at all concerned

    0%

How concerned are you that security provided by Multi-Factor Authentication does not do enough to protect employees?

  • Extremely concerned

    0%

  • Very concerned

    0%

  • Somewhat concerned

    0%

  • Not very concerned

    0%

  • Not at all concerned

    0%

How strongly do you agree or disagree with the following statement: MFA can't keep pace with evolving threats.

  • Strongly agree

    0%

  • Somewhat agree

    0%

  • Somewhat disagree

    0%

  • Strongly disagree

    0%

What would be required to fully implement Zero Trust at your organization?

  • A complete overhaul

    0%

  • Significant updates

    0%

  • Some minor updates

    0%

  • We have already fully implemented Zero Trust

    0%

Which comes closest to your opinion about Zero Trust?

  • Zero Trust is the future of cybersecurity

    0%

  • Zero Trust has promise but organizations face difficulty to implement it

    0%

  • Zero Trust can work for some organizations but not all

    0%

  • Zero Trust is more hype than value for organizations

    0%

How strongly do you agree or disagree with the following statement: Network Access Control (NAC) is a critical component of any Zero Trust framework.

  • Strongly agree

    0%

  • Somewhat agree

    0%

  • Somewhat disagree

    0%

  • Strongly disagree

    0%

Will your organization be increasing or decreasing investment in NAC (Network Access Control) in the next year?

  • Significantly increasing

    0%

  • Somewhat increasing

    0%

  • Neither increasing nor decreasing

    0%

  • Somewhat decreasing

    0%

  • Significantly decreasing

    0%

When you hear of a high-profile security breach or hack, how likely do you think it is due to a compromised password or authentication?

  • Extremely likely

    0%

  • Very likely

    0%

  • Somewhat likely

    0%

  • Not too likely

    0%

  • Not likely at all

    0%

Which of the following describes where your organization currently stands with the implementation of Passwordless Authentication?

  • We have completed our implementation

    0%

  • We have begun implementing

    0%

  • We are planning to implement

    0%

  • We are open to but have not begun planning

    0%

  • We haven’t considered this

    0%

  • We considered it and are not planning on it

    0%

What hesitancies are there to implementing Passwordless Authentication in your organization?

  • Risk of employee lockout from critical systems

    0%

  • Cost of implementation

    0%

  • Concern about vendor support

    0%

  • Employee resistance to change

    0%

  • Compatibility with legacy systems

    0%

  • Complexity of implementation

    0%

  • Security concerns

    0%

  • IT team expertise

    0%

  • Other / None of these

    0%

Which of the following, if any, are benefits of using Passwordless Authentication?

  • Stronger access control

    0%

  • Improved employee experience

    0%

  • Reduced risk of password reuse, phishing, and other exploits

    0%

  • Improved employee productivity

    0%

  • Enhanced security

    0%

  • Lowered IT support costs

    0%

  • Other / There are no benefits

    0%

Which of the following describes where your organization currently stands with the implementation of Zero Trust Network Access (ZTNA) adoption?

  • We’ve successfully completed our ZTNA implementation without issue

    0%

  • We’ve completed our move to ZTNA and found it difficult to implement

    0%

  • We’ve just begun our move to ZTNA and it’s too early to tell how difficult the roll out will be

    0%

  • We’re planning on moving towards ZTNA but haven’t begun yet

    0%

  • We’ve considered ZTNA but aren’t committed to it

    0%

  • We are not considering implementing ZTNA

    0%

How strongly do you agree or disagree with the following statement: Based on what I've seen and heard, ZTNA does not work as well as has been promised.

  • Strongly agree

    0%

  • Somewhat agree

    0%

  • Somewhat disagree

    0%

  • Strongly disagree

    0%

How prepared is your organization for NIS2?

  • Fully / 100% prepared

    0%

  • Mostly prepared

    0%

  • Somewhat prepared

    0%

  • Not very prepared

    0%

  • Not at all prepared

    0%

  • NIS2 does not apply to us

    0%

How much do you agree or disagree with the following statement? It is impossible for even the most agile company to keep up to date with every regulation in a rapidly changing landscape.

  • Strongly agree

    0%

  • Somewhat agree

    0%

  • Somewhat disagree

    0%

  • Strongly disagree

    0%

How concerned are you that you may lose your job if your organization faces a major breach or cybersecurity attack?

  • Extremely concerned

    0%

  • Very concerned

    0%

  • Somewhat concerned

    0%

  • Not too concerned

    0%

  • Not concerned at all

    0%

How often does your organization evaluate new solutions to lower cyberinsurance premiums?

  • Supply chain attacks

    0%

  • Insider threats

    0%

  • Somewhat disagree

    0%

  • Regulatory fines and penalties

    0%

  • Ransomware payments

    0%

  • Intellectual property theft

    0%

  • Incidence response costs

    0%

  • Data restoration costs

    0%

  • Other / We do not have cyberinsurance

    0%

Which of the following, if any, are you not 100% sure your current cyberinsurance would cover?

  • All the time

    0%

  • Often

    0%

  • Sometimes

    0%

  • Rarely

    0%

  • Never

    0%

Methodological Notes:

The Portnox Survey was conducted by Wakefield Research (http://www.wakefieldresearch.com) among 200 US CISOs at companies with a minimum annual revenue of $500m with representative quotas set for company size, between August 29th and September 9th, 2024, using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.9 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.

To view the full data from the survey, including a complete breakdown of respondent demographics, click here.

Contact:

For more information about this report, please contact Portnox by sending an email to [email protected].