In organisations developing software-based products, responsibility is split: 50% of organisations assign security responsibility to CISOs, while 43% move security oversight to development teams.