We are routinely told that cybersecurity awareness must increase, and that everyone within an organisation must be briefed, but despite these warnings CISOs have been found to be failing to drive progress globally.
The increasing frequency and severity of cyber-attacks have required CEOs to be more engaged in security, as the reputational and financial consequences can be crippling. Despite this, only 19 per cent of CISOs said they share knowledge of all breaches with the CEO and the board, a worrying figure.
A deep problem has potentially been unearthed in this research from F5 Networks, as 58 per cent of CISOs said that IT security is a standalone function, a viewpoint that is incongruent with the attitude that everyone should be engaged in security.
Just 22 per cent of the respondents said that security is directly integrated across the business, indicating that the majority of organisations globally are not collaborating to achieve heightened security.
In regard to the potentially major fallout from a cyberattack, only 45 per cent of CISOs have emergency funds reserved to handle a critical incident.
Mike Convertino, CISO, F5 Networks, said: “This new research provides a unique view into how CISOs are operating in today’s challenging environment… In many organisations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks.”
These concerning findings are made all the more worrying by the possibility that the world is on the cusp of an IoT crisis, with insufficiently secure devices flooding into society. CISOs do appear to be aware of the importance of this, as 80 per cent say that IoT will change security requirements.
CISOs also believe that AI and machine learning will be important in cybersecurity strategies in the near future, with 70 per cent agreeing with this globally.
“Cybersecurity challenges are intensifying worldwide and we need CISOs to step up and be more influential at the top… We also need business-leaders to recognise the growing threat cybersecurity poses in its many shifting forms. The measure of an organisation is how it pre-empts and responds to risk and – more than ever before – CISOs must lead the charge in this respect,” Convertino said.