
CISOs face an uphill battle when rolling out comprehensive security

27 Sep 17

The role of the chief information security officer (CISO) is crucial to the rollout of organisation-wide IT security strategies, but they still have an uphill battle, according to research released last week by F5 Networks.

A study conducted by the Ponemon Institute surveyed senior security decision makers in 184 companies across China, India, the United Kingdom, Germany, Mexico, Brazil and the United States.

Despite results showing that 68% of respondents believe CISOs have the final word in IT security spending, the report also found that only 51% of companies have an organisation-wide IT security strategy.

“CISOs are in a tough spot. Organizations are squeezed by cyber criminals, new compliance requirements, and bleeding-edge technologies that erode privacy and stability. The team that leads defense efforts is becoming a more and more vital player in the long-term survival of any organization that sells, uses, or produces information technology—that is to say, everyone,” comments F5’s CISO Mike Convertino.

47% said their spending budgets had increased, but 40% said they had not changed at all. Budgets are also not being focused in the right areas. 45% said their security function doesn’t have clear lines of responsibility and 58% said it is a standalone function.

Security teams are struggling to attract attention from C-level executives: 43% said C-levels review, approve and support those businesses that do have an IT strategy.

Organisations are still running on reactive principles of security as a business priority. Senior executives do pay attention to data breaches (45%) and cybersecurity exploits (43%).

46% said that conversations with senior executives only happen when major incidents have occurred. 19% do not bother reporting breaches to the CEO and board of directors.

“This research provides a unique view into how CISOs are operating in today’s challenging environment,” Convertino says.

Respondents also see the potential for AI to fill cybersecurity skills shortage gaps. The average IT security headcount will rise from 19 to 32 full-time employees over the next two years.

However, 58% have trouble finding qualified people and 48% are not able to offer a market-level salary.

50% of respondents agreed that computer learning and artificial intelligence will be able to serve staff shortages. 70% believe these technologies will be important to other IT security functions in the next two years.

“It’s clear CISOs are making progress in how they drive the security function and the leadership role they are assuming within companies. Yet in many organisations, IT security is not yet playing the strategic, proactive role necessary to fully protect assets and defend against increasingly sophisticated and frequent attacks,” Convertino concludes.
