Nearly half (45%) of companies do not employ a Chief Information Security Officer (CISO) as part of their security strategy. Of this group, 58% of security, IT and compliance professionals think their company should hire a CISO. Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.

A survey from Navisite polled 130 security professionals in the U.S. to determine their perceptions of the state of cybersecurity leadership and readiness within their organizations. The report, titled "The State of Cybersecurity Leadership and Readiness," found that more than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations with 100 to 5,000 employees.

Additional findings include:

  • Seventy-five percent of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.
  • Eighty percent of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
  • Over two-thirds (70%) of respondents expressed confidence in the effectiveness of their cybersecurity program — but that confidence dropped to 58% for companies without a CISO.
  • Nearly half (47%) of survey takers believe their company spends too little on cybersecurity.

To read more survey findings, download the full report.