Responsibilities mounting for CISOs, says BT Security

A report from BT Security has found that the role of Chief Information Security Officer (CISO) has been expanding, taking on a far wider set of critical responsibilities, as cyber threats continue to grow.

In its largest ever research project, BT Security carried out a survey of over 7,000 business leaders, employees, and consumers from all around the world. The survey found that the role of CISO is expanding hugely in both scope and responsibilities, particularly as cybersecurity becomes a top priority for businesses adapting to remote working.

While 76 per cent of business leaders rated their IT strategy as excellent or good, 84 per cent admitted that their organisation had experienced data loss or another security incident in the past two years, suggesting misplaced confidence.

Fewer than half of the respondents had received training on data security, and just one in three were fully aware of their organisation’s policies and procedures for protecting data. Perhaps as a result of this lack of cybersecurity training, 45 per cent of employees said that they had suffered a work-related security incident and not reported it, while 15 per cent had given their work log-in and password to others within the organisation.

Cybersecurity training is not just important for the sake of data protection; the survey suggested that it also improves consumers’ perception of businesses. Nearly two-thirds of consumer respondents said that they would recommend an organisation that makes a great effort to protect their data, and a similar number said that security is more important than convenience when selecting a vendor. Making security a priority and part of an organisation’s brand could be particularly valuable, considering that just 16 per cent of consumers strongly trust large organisations to protect their personal data.

This makes the CISO’s role more critical and diverse than before, with an important part to play in managing employee engagement, brand perception, and adoption of new technologies. However, fewer than half of executives and respondents could name their CISO or equivalent, and a similar fraction said that their CISO does not actively engage with the rest of the organisation.

“This report provides a number of clear examples of how CISOs are expected to provide leadership across an ever-growing number of areas,” said Kevin Brown, managing director of BT Security. “The huge increase in the pace of digital transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against.”

“As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”

Craig Jones, head of cybercrime at Interpol, said: “The range and scale of cybercrime faced by governments, businesses and individuals is constantly growing. We firmly believe in working collaboratively across the public and private sector to make cyberspace a safer place, and this very much includes CISOs, who are often the first line of defence in responding to cyberattacks.”