2024 Luxembourg market survey

Out of the shadows: CISOs and DPOs in the spotlight!

Out of the shadows: CISOs and DPOs in the spotlight!
  • Survey
  • June 05, 2024

With the active support of the Club de la Sécurité de l’Information (CLUSIL), the Commission Nationale pour la Protection des Données (CNPD), the Commission de Surveillance du Secteur Financier (CSSF), and the Institut Luxembourgeois de Régulation (ILR), we are happy to release the 2024 edition of the Out of the shadows: CISOs and DPOs in the spotlight! survey. With a larger sample and expanded sections, this latest edition aims to provide valuable insights for all public and private stakeholders on how CISOs and DPOs in Luxembourg can emerge as key players in safeguarding their organisations.

European regulations are a recurrent theme, increasingly shaping Luxembourg's cybersecurity and data protection landscape. CISOs consider the enhanced awareness of digital operational resilience among top management to be one of the Digital Operational Resilience Act (DORA)’s main contributions to cybersecurity. DPOs, on the other hand, seem to be more operations-oriented, stating that the improved level of security in their company is DORA’s main benefit. Over three-quarters of CISOs and half of DPOs expect the revised Network and Information systems Security Directive (NIS2) to bring them more regulatory compliance duties and expanded cybersecurity measures for their companies.

Download our survey

Methodology and respondents' profiles

We conducted the last version of the CISOs and DPOs Survey in Q1 2024. In this cross-industry examination, 97 CISOs and DPOs contributed valuable insights into the Grand Duchy's cybersecurity and data protection landscape.

Respondents' professional role
Turnover of the companies CISOs and DPOs work in (EUR mn)
Headcount of the companies CISOs and DPOs work in
Sector and industries of respondents
Sector and industries of respondents

Note: Percentages may not add up to 100% due to rounding.

Key takeaways

Respondents' gender, 2022-2024

Close to a quarter of respondents were women, an improvement compared to 8% in the 2022 edition of our survey. Nevertheless, Luxembourg's cybersecurity and data privacy fields still have a long way to go in closing the gender gap.

Respondents' gender, 2022-2024

Barriers encountered by CISOs and DPOs

Over half of CISOs highlighted political decisions – namely, decisions taken which put individuals’ career interests ahead of the company’s interests – as a barrier to professional success. However, when compared with the last edition of the survey, internal silos and shadow IT have decreased as a barrier to the fulfilment of CISOs’ and DPOs’ responsibilities.

Barriers to success encountered by CISOs and DPOs

Perception of CISOs and DPOs companies

With over a fifth of respondents stating that their companies have been affected by a security incident at least once, cyber threats have undoubtedly become a significant concern for the Luxembourgish private and public sectors. Nonetheless, CISOs and DPOs are generally optimistic regarding how cybersecurity and data compliance have improved significantly over the last few years.

Companies should leverage digital practices to enhance efficiency, revenue, and competitiveness while preparing for future challenges. The capacity to anticipate, prepare for, respond to, recover from, and adapt to cyberattacks has become significant. These combined efforts are progressively shaping the future of CISOs and DPOs, allowing them to become more active in their organisations and ensure they are better equipped and prepared for dealing with all sorts of cyber threats.

Perception of the state of CISOs and DPOs companies' security over the last three years
Perception of CISOs and DPOs companies' data protection and privacy compliance over the last three years

Benefits which GenAI will bring, according to CISOs and DPOs

Both CISOs and DPOs are involved in implementing artificial intelligence (AI) projects, with the former being slightly more likely to be involved from the start and receive support requests. CISOs consider threat detection, the amplification of data categories, continuous monitoring, and customised intelligence to be the main benefits of Generative AI (GenAI). On the other hand, DPOs expect GenAI to amplify the types of data available to firms, support compliance efforts, and strengthen defences.

Benefits which GenAI will bring to CISOs' and DPOs' companies

Impact of legislations according to CISOs and DPOs

Apart from DORA and the NIS2, well-implemented cybersecurity and data privacy regulations are crucial to prevent such incidents and ensure the security and resilience of networks and information systems. The EU has been a pioneer in this regard; surprisingly, the Data Governance Act is seen as one of the regulations impacting CISOs and DPOs the most. Nevertheless, it should be recalled that this regulation is not about data governance but a framework that will facilitate and promote voluntary data-sharing. At the same time, the Data Act structures the framework and clarifies who can create value from data and under which conditions.

Legislations which have impacted, or will impact, CISOs’ and DPOs’ companies


As many technological innovations increasingly find their way into everyday business operations, CISOs and DPOs in Luxembourg are at a crossroads. Saying that the challenges they face are complicated would be an understatement.

Overall, the outlook for CISOs and DPOs appears optimistic. Firms across sectors and industries in Luxembourg are increasingly seeing cybersecurity and data privacy matters less from a compliance angle and more as a core business requirement. This is aptly demonstrated by the increasing roles and responsibilities of CISOs and DPOs.

As AI tools and other technological marvels become central to employees’ daily activities and geopolitical tensions across a fracturing world bring about a host of cyber risks, CISOs and DPOs cannot afford to sit in the shadows.

Out of the shadows: CISOs and DPOs in the spotlight!

2024 Luxembourg market survey

Contact us

Maxime Pallez

Cybersecurity Director, PwC Luxembourg

Tel: +352 62133 41 66

Antonin Jakubse

Senior Manager, Privacy, PwC Luxembourg

Tel: +352 62133 44 12

Stay Connected:

Required fields are marked with an asterisk(*)

Please select the cybersecurity service(s) you are interested in and would like to discuss further

Please select the privacy service(s) you are interested in and would like to discuss further:

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.