Fastly, a leading global Edge cloud platform provider, found a consolidated Chief Information Security Officers (CISOs) hiring boom in 2023, with 81% of Australian businesses now having a CISO and a further 11% are planning to hire one in the next two years.
However, despite efforts to bolster C-level security positions, Fastly’s data suggests there is still a lack of understanding of the role. For example, 25% of IT leaders surveyed by Fastly think CISOs are often held responsible for cybersecurity incidents which are not their fault while 22% think security managers and security engineers are often held responsible.
IT professionals are still struggling to identify the exact roles and responsibilities, and expectations of the CISO differ across the industry. Over two-fifths (42%) of IT leaders view CISOs as crucial in keeping the business safe from threats. At the same time, just under half (45%) of IT leaders believe that CISOs need to have an in-depth understanding of all areas of IT. Similarly, 27% felt they were given too much legal and operational responsibility.
“Facing – and trying to plan for – unprecedented cybersecurity challenges in 2024, Australian businesses have consolidated efforts to hire a professional able to take charge of cybersecurity strategy. Though, our data suggests there still exists confusion over what the role of the CISO’s actually entails,” said Marshall Erwin, CISO, Fastly. “This disparity of opinion highlights how the role has evolved in recent years, particularly with challenges to organisation’s security postures and growing threat landscape.”
The lack of understanding surrounding the CISO role is impacting perceptions of its usefulness. While 16% of CISOs are viewed as overworked and underpaid, at the same time, 12% see them as poor value for money.
“Traditionally, the CISO role involved staying within the confines of IT and risk management,” added Erwin. “But in 2024, CISOs are increasingly seen as business leaders responsible for the strategic direction of an organisation’s cybersecurity strategy, which is where this lack of understanding about the role arises. Within two years, most Australian businesses will have filled the CISO role. For them to work effectively, there is clearly a need for organisations to develop greater understanding of the role amongst IT departments.”
Fastly has taken a deep dive into the security investments and plans of almost 1,500 global IT decision-makers – and offered concrete advice into how businesses can bolster security postures – in its recent report, The Race to Adapt: How your cybersecurity posture is affecting your business’s bottom line.