
The compromising position facing UK CISOs

Cyber attacks have become an increasing source of anguish for UK businesses.

According to some estimates, cyber breaches cost mid-market businesses £30bn this year. Yet despite this, businesses appear to be dialing up the rhetoric and exuding an image of confidence. Our recent study into the cyber confidence of security professionals revealed that 71 percent of organisations promote their cyber defences as a selling point for the business.


This has placed CISOs in a compromising position. They are required to present a message of solidarity when, in reality, they are not confident in their ability to counter daily threats. The research showed that more than a third are only somewhat or slightly confident in the security solutions their organisation uses. Further still, only 17 percent believe their security stack is 100 percent effective. Two thirds hit by a breach in the past 12 months are unsure about their organisation’s ability to recover from another attack of a similar nature.

UK CISOs less confident than US CISOs

There are also notable differences in the confidence levels of CISOs in UK and US businesses. According to the Cyber Confidence research, where an attack had taken place, US respondents were twice as likely to believe their organisation could defend another attack (40 percent compared to 22 percent). Yet, top cyber professionals in US businesses were twice as likely to have reported more than 30 breaches in the last 12 months.

Senior professionals in the UK and US also think differently about how to mitigate the risks. UK CISOs believe that outsourcing is unlikely to provide the necessary level of security to alleviate concerns. Sixty-one percent were much more likely to deem it as having ‘about the same’ risk compared to in-house. Yet, this compares to just 44 percent of US respondents, many of whom were more comfortable in outsourcing to reduce risk.

CISOs in the firing line

Of course, when attacks hit, CISOs are quickly placed in the firing line. The breach that destabilised financial services firm Equifax provides a reminder of how exposed they can become. After the data of at least 147 million people was breached and put down to a ‘website application vulnerability’, CISO David Rimmer and his team were in the spotlight. According to the BBC, the fifty-strong team were isolated from the rest of the company’s 11,000 staff. Mr Rimmer was also allegedly attacked for having a music degree, despite having over 30 years’ experience and cybersecurity not being a profession at the time.


The case was eventually settled with the US Federal Trade Commission receiving $700m (£561m) and the UK’s Information Commissioner’s Office receiving £500,000. It shines a light on the challenge facing businesses to both recruit and retain those in the most important roles. According to a report by Bitglass, 38 percent of the Fortune 500 companies don’t have a CISO in place. And of the 38 percent, 16 percent have another executive listed as responsible for their cybersecurity strategy. In addition, only 4 percent appear to see the role as valuable enough to place it on their company places.

Culpability a business issue

It is, of course, an oversimplification to believe top cyber professionals should have sole accountability for attacks. The approach of the C-Suite is as much of a determining factor of an organisation’s robustness. This is demonstrated by the fact that – aside from increasing threat vulnerabilities (49 percent) – a lack of staff training (41 percent), lack of funding (34 percent), insufficient staffing (31 percent) and a lack of board support (29 percent) all ranked as highly influential determinants of whether a business would be able to repel an attack, according to our research.

It would also appear that CISOs are simply being overwhelmed by the speed at which change is happening in the industry. Cyber monitoring, cyber resilience and cyber governance were identified as the top three areas for budget allocation.


Developing cyber confidence

Thankfully, CISOs do report that the outlook is improving, and they are hopeful that their confidence will increase. In fact, 62 percent reported that their confidence had improved over the past year. The vast majority (76 percent) of respondents also believed that cyber security is increasing as a priority within their organisations and many are already noticing a difference.

Achieving cyber confidence will come down to an improved ability to defend against and respond to attacks, but also to increased collaboration between security teams and the wider organisation. To avoid hitting the headlines for a breach and suffering the adverse publicity implications, CISOs must move away from being perceived as reactive, to a more proactive, strategic approach. This allows for education of teams and implementation of adequate procedures, all underpinned by cyber technologies that add value to the business and provide visibility and actionable intelligence. This will also help bridge the gap between the security team’s and the organisation’s perception of security, putting everyone on the same page and making sure CISOs are no longer being placed in that compromising position.

Written by Stuart Reed, VP of cyber security at Nominet
