56 percent of UK businesses plan to hire a CISO in the near future

Only a quarter of UK businesses currently employ a chief information security officer (CISO) but 56 percent plan to hire one in the next 6-24 months, according to a survey by cloud provider Fastly.  

In the cybersecurity survey of 251 information security and IT professionals at 250 companies, both the subject of CISOs and other more general cybersecurity related questions were asked. 

The chief information security officer (CISO) in an organisation is responsible for establishing and maintaining the company’s information security strategy. This includes developing and maintaining procedures and policies to protect communications, systems and assets from internal and external threats. The CISO’s role in an organisation is viewed as having great importance in helping to protect it from cybersecurity threats. 

Of the quarter of businesses who do currently hire a CISO, the construction/engineering industry is the sector which employs somebody in this role most often (75 percent). This is followed by local/national government (60 percent) and aerospace (50 percent). 

The survey also revealed a lack of clarity surrounding the role and purpose of the CISO, and also a difference in opinion among organisations. 31 percent of respondents believe CISOs should have an in-depth understanding of all areas of IT. On the other hand, a quarter claimed they are often blamed for things that aren’t their fault. 

Additionally, 23 percent said they are stretched too thinly, and 22 percent say they are overworked; yet 19 percent feel they are not good enough value for money. 

Fastly’s survey also found that, as well as having the aim of hiring a CISO, 21 percent of businesses want to invest further still in cybersecurity professionals. As well as this, issues around remote working are a concern to some, with 18 percent expressing a need to address the impact of remote working on company and employee security. 

On a slightly different note, the security professionals surveyed were also asked their opinion on security issues they felt would be costliest for UK businesses over the next five years. 

Top of the list were malware attacks (31 percent), followed by denial of service attacks (26 percent). Attacks targeting known vulnerabilities were close behind at 25 percent, followed by zero-day attacks at 24 percent. Attacks exploiting misconfigurations of cloud services came in at the same number. 

Commenting on the results of the survey, Sean Leach, chief product architect at Fastly said: “Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.” 

“These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats, they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic.”