[BreachExchange] More than half of UK businesses plan to hire a CISO in the next two years

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Dec 9 09:56:47 EST 2021


https://www.intelligentcio.com/eu/2021/12/08/more-than-half-of-uk-businesses-plan-to-hire-a-ciso-in-the-next-two-years/#


Fastly, a global Edge cloud platform provider, has researched the biggest
security threats facing UK businesses today, and in the next few years, to
understand how businesses are looking to future-proof their systems. The
research, based on insights from information security and IT professionals
across 250 UK companies, revealed that only a quarter of businesses
currently employ a CISO (Chief Information Security Officer) but a further
56% are planning to hire one within the next six to 24 months. These
dedicated leaders will help companies to understand and head off potential
threats as efficiently and effectively as possible.

The research also found that certain sectors are ahead of the curve, with
75% of businesses in the construction/engineering sector already having a
CISO in place, closely followed by local/national government (60%) and
aerospace (50%).

The increased presence of CISOs across UK businesses demonstrates a rising
interest in the importance of having strong security solutions in place
across businesses. Despite it being a relatively new role, Fastly’s
research shows the CISO parameters are still unclear to many, with almost a
third (31%) believing that CISOs should have an in-depth understanding of
all areas of IT.

Furthermore, they often come under fire as the ‘scapegoat’ in difficult
situations, with one in four claiming CISOs are too often blamed for things
which are not their fault. However, perceptions of this differ greatly
across sectors, with over 50% of businesses in the government sector,
construction/engineering and aerospace believing CISOs are often blamed for
things that aren’t their fault, compared with just 18% in the technology
and finance sectors.

Though UK businesses have identified the need for this lead role in
security, the job specification needs to be clear for the role to be
effective and a significant step in future-proofing their technology.
Fastly’s research also shows the role of the CISO is viewed very
differently, with 23% believing that CISOs are stretched too thinly, 22%
believing that they are overworked and underpaid and 19% even believing
that they are not good enough value for money.

As part of this research, Fastly also identified the top five security
issues that are going to be most costly for UK businesses over the next
five years:

Malware-based attacks (31%)
Denial-of-Service attacks (26%)
Attacks targeting known vulnerabilities (25%)
Attacks targeting unknown vulnerabilities (24%)
Attacks exploiting the misconfiguration of an associated cloud service (24%)

Though the core role of the CISO should be to counteract these potential
threats and more, UK businesses believe there is more investment needed to
protect themselves over the next five years, with a particular focus on
arming themselves against attacks on cloud services (30%), COVID-19
phishing schemes (26%) and use of Multi-Factor Authentication.

In addition to the rise in CISOs, one in five businesses also want to
invest in further cybersecurity professionals (21%) and to address the
impact of remote working on company and employee security moving forward
(18%).

In terms of future-proofing business technology, many are also concerned by
the rise of AI (17%), data privacy (18%) and insider threats (16%).

Speaking about the increased prevalence of the CISO role and the intended
investment in security in the coming years, Sean Leach, Chief Product
Architect at Fastly, said: “Hiring a CISO is a crucial step in tackling the
security threats facing organisations. However, they need to ensure this
isn’t just a box-ticking exercise and that they fully embed their CISO into
the organisation. This will come from a joint investment in both dedicated
personnel, with clear and defined roles, paired with robust and adequate
security tools.

“These findings show that, while businesses are beginning to understand how
growing their digital offering will increase potential threats, they still
need to increase the security offerings that protect those technologies,
otherwise the results can be catastrophic.”