As cyberattacks become more sophisticated and frequent, CISOs express concern about their organization’s defensive abilities.