The CISO role has greatly expanded across the enterprise according to new global study

BT Security published the results of a global survey which canvassed the opinions of over 7,000 business leaders, employees and consumers from across the world. The research, conducted in partnership with Davies Hickman Partners, found that in a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities. With the research also identifying security as the top priority for businesses after coronavirus, CISOs have never been more integral to business operations.

The study found that 76% of business executives rate their organization’s IT strategy as excellent or good at protecting against cybersecurity threats. Yet in spite of this, the research also found that this might be misplaced confidence which is leading to complacency, with 84% of executives also saying that their organization had suffered from data loss or a security incident in the last two years – highlighting the enormity of the task that CISOs face.

The research uncovered a number of interesting reasons why this might be happening. Less than half of respondents said they had definitely received training on data security, while only one in three were fully aware of the policies and procedures they should take to protect the security of their organization’s data. As a result, a number of concerning behavioral trends were seen, with 45% of employees saying they’d suffered a security incident at work and not reported it, and perhaps even more worryingly, 15% saying they had given their work log-in and password to others in the organization.

Regular cyber security training for employees is critical, not least because of the increasing importance that consumers are placing on security. The research found that nearly two thirds of consumers would recommend an organization that makes a big effort to keep their data safe, and a similar number said that security is more important than convenience when choosing who to buy from. The capacity for security to act as a brand differentiator becomes even clearer with the finding that only 16% of consumers strongly trust large organizations to protect their personal data.

The research also found that with cyber threats continuing to grow at an alarming rate, the role of Chief Security Information Officer (CISO) has hugely expanded to take on a far wider set of critical responsibilities. The report, which includes a foreword from INTERPOL, also highlights a number of business and consumer attitudes which are shaping how they perform their role:

45% of employees said they’d suffered a security incident at work and not reported it
Only one in three were fully aware of the policies and procedures they should take to protect the security of their organization’s data.
Less than half of respondents said they had definitely received training on data security
15% of employees said they had given their work log-in and password to others in the organization.
Less than half of executives and employees could put a name to their CISO (or equivalent)
64% of consumers would recommend an organization that makes a big effort to keep their data safe
67% of consumers said that security is more important than convenience when choosing who to buy from.
Only 16% of consumers strongly trust large organizations to protect their personal data.

In light of these trends and attitudes, the role of the CISO is simultaneously more critical and more multifaceted than even before. Their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. In spite of this, the research found that less than half of executives and employees could put a name to their CISO (or equivalent), with a similar ratio of respondents saying that their CISO doesn’t actively communicate with the rest of the organization.

Kevin Brown, Managing Director of BT Security, said: “This report provides a number of clear examples of how CISOs are expected to provide leadership across an ever-growing number of areas. The huge increase in the pace of digital transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against. As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”

The full report, which also provides a number of recommendations around how to improve an organization's security posture, is available to view here: https://www.globalservices.bt.com/en/insights/whitepapers/cisos-under-the-spotlight.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?