More than half of UK businesses plan to hire a CISO in the next two years

Fastly, a global edge cloud platform provider, has researched the biggest security threats facing UK businesses today, and in the next few years, to understand how businesses are looking to future-proof their systems. The research, based on insights from information security and IT professionals across 250 UK companies, revealed that only a quarter of businesses currently employ a CISO (Chief Information Security Officer) but a further 56% are planning to hire one within the next six to 24 months. These dedicated leaders will help companies to understand and head off potential threats as efficiently and effectively as possible.

The research also found that certain sectors are ahead of the curve, with 75% of businesses in the construction/engineering sector already having a CISO in place, closely followed by local/national government (60%) and aerospace (50%). 

The increased presence of CISOs across UK businesses demonstrates a rising interest in the importance of having strong security solutions in place across businesses. Despite it being a relatively new role, Fastly’s research shows the CISO parameters are still unclear to many, with almost a third (31%) believing that CISOs should have an in-depth understanding of all areas of IT. 

Furthermore, they often come under fire as the ‘scapegoat’ in difficult situations, with one in four claiming CISOs are too often blamed for things which are not their fault. However, perceptions of this differ greatly across sectors, with over 50% of businesses in the government sector, construction/engineering and aerospace believing CISOs are often blamed for things that aren’t their fault, compared with just 18% in the technology and finance sectors. 

Though UK businesses have identified the need for this lead role in security, the job specification needs to be clear if the role is to be an effective and significant step in future-proofing their technology. Fastly’s research also shows the role of the CISO is viewed very differently, with 23% believing that CISOs are stretched too thinly, 22% believing that they are overworked and underpaid and 19% even believing that they are not good enough value for money.

As part of this research, Fastly also identified the top five security issues that are going to be most costly for UK businesses over the next five years:

  1. Malware-based attacks (31%)
  2. Denial-of-Service attacks (26%)
  3. Attacks targeting known vulnerabilities (25%)
  4. Attacks targeting unknown vulnerabilities (24%)
  5. Attacks exploiting the misconfiguration of an associated cloud service (24%)

Though the core role of the CISO should be to counteract these potential threats and more, UK businesses believe there is more investment needed to protect themselves over the next five years, with a particular focus on arming themselves against attacks on cloud services (30%), COVID-19 phishing schemes (26%) and use of Multi-Factor Authentication.

In addition to the rise in CISOs, one in five businesses also want to invest in further cybersecurity professionals (21%) and to address the impact of remote working on company and employee security moving forward (18%). 

In terms of future-proofing business technology, many are also concerned by the rise of AI (17%), data privacy (18%) and insider threats (16%). 

Speaking about the increased prevalence of the CISO role and the intended investment in security in the coming years, Sean Leach, Chief Product Architect at Fastly, said: “Hiring a CISO is a crucial step in tackling the security threats facing organisations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organisation. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.

“These findings show that, while businesses are beginning to understand how growing their digital offering will increase potential threats, they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic.”
