BT Security report finds that expectations of CISOs have never been greater

BT Security report finds that expectations of CISOs have never been greater

BT Security has published the results of a global survey which canvassed the opinions of over 7000 business leaders, employees and consumers from across the world. The research, conducted in partnership with Davies Hickman Partners, found that in a rapidly changing business environment, the role of the chief information and security officer (CISO) has hugely expanded in its scope and responsibilities. With the research also identifying security as the top priority for businesses after Coronavirus, CISOs have never been more integral to business operations.

With this in mind, the research’s finding that 76% of business executives rate their organisation’s IT strategy as excellent or good at protecting against cybersecurity threats seems like positive news. Yet in spite of this, the research also found that this might be misplaced confidence, which is leading to complacency, with 84% of executives also saying that their organisation had suffered from data loss or a security incident in the last two years – highlighting the enormity of the task that CISOs face.

The research uncovered a number of interesting reasons why this might be happening. Less than half of respondents said they had definitely received training on data security, while only one in three were fully aware of the policies and procedures they should take to protect the security of their organisation’s data. As a result, a number of concerning behavioural trends were seen, with 45% of employees saying they had suffered a security incident at work and not reported it, and perhaps even more worryingly, 15% saying they had given their work log-in and password to others in the organisation.

Regular cybersecurity training for employees is critical, not least because of the increasing importance that consumers are placing on security. The research found that nearly two thirds of consumers would recommend an organisation that makes a big effort to keep their data safe and a similar number said that security is more important than convenience when choosing who to buy from. The capacity for security to act as a brand differentiator becomes even clearer with the finding that only 16% of consumers strongly trust large organisations to protect their personal data.

In light of these trends and attitudes, the role of the CISO is simultaneously more critical and more multifaceted than even before. Their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. In spite of this, the research found that less than half of executives and employees could put a name to their CISO (or equivalent), with a similar ratio of respondents saying that their CISO doesn’t actively communicate with the rest of the organisation.

Kevin Brown, Managing Director, BT Security, said: “This report provides a number of clear examples of how CISOs are expected to provide leadership across an ever-growing number of areas. The huge increase in the pace of Digital Transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against. As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they are placed at the heart of strategic decision making and planning.”

Craig Jones, Director, Cybercrime at INTERPOL, remarked that: “The range and scale of cybercrime faced by governments, businesses and individuals is constantly growing. We firmly believe in working collaboratively across the public and private sector to make cyberspace a safer place and this very much includes CISOs, who are often the first line of defence in responding to cyberattacks. The research from BT shows clearly the increasing responsibilities and expectations placed on the CISO today, and a number of clear steps they can take to improve their protections and our collective resilience.”

Browse our latest issue

Intelligent CIO Africa

View Magazine Archive