More than half (56%) of UK businesses plan to employ a chief information security officer (CISO) in the next 6-24 months to help protect them from surging cyber-attacks. This is according to a survey of 251 information security and IT professionals across 250 UK companies conducted by cloud provider Fastly.
The study revealed that only a quarter of businesses currently have a CISO, although there is significant variation across different industries. For example, 75% of organizations in the construction/engineering sector employ a CISO, followed by local/national government (60%) and aerospace (50%).
There was also a lack of clarity regarding the role and purpose of CISOs within organizations. For example, nearly a third (31%) of respondents believe CISOs should have an in-depth understanding of all areas of IT. Additionally, 23% said CISOs are stretched too thinly, 22% believe they are overworked, and 19% feel they are not good enough value for money.
Worryingly, a quarter claimed that CISOs are often blamed for things that aren’t their fault.
The respondents were also asked what they believed would be the security issues that would be costliest for UK businesses over the next five years. Of most concern were malware-based attacks (31%), followed by denial of service attacks (26%), attacks targeting known vulnerabilities (25%), attacks targeting unknown vulnerabilities (24%) and attacks exploiting the misconfiguration of an associated cloud service (24%).
As well as the growing interest in employing CISOs, 21% of businesses want to invest further in cybersecurity professionals and 18% expressed the need to address the impact of remote working on company and employee security moving forward.
Sean Leach, chief product architect at Fastly, commented: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.”
“These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic.”