Organizations across the world have experienced swift changes in their business operations during the new normal. In particular, the adoption of the distributed work environment became a challenge for many companies, resulting in the rise of cyberattack risks. Several enterprises have increased their cybersecurity budgets to deal with new cybersecurity challenges. As the struggle of mitigating cyberthreats seems to surge, some organizations are wary about hiring security professionals. A recent analysis from cybersecurity solutions provider Navisite revealed that over 45% of organizations don’t employ a Chief Information Security Officer (CISO). Of this group, 58% think their company should hire a CISO.
Navisite surveyed IT and compliance professionals in the U.S. to determine their perceptions of the state of cybersecurity leadership and readiness within their organizations. Around 40% of respondents stated, their cybersecurity strategy was developed by a CISO or security team member, with 60% relying on other parts of their organization, including IT, executive leadership, and compliance.
- 21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is cybersecurity.
- 75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.
- 80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
- 70% of respondents expressed confidence in the effectiveness of their cybersecurity program — but that confidence dropped to 58% for companies without a CISO.
- Nearly 47% of survey takers believe their company spends too little on cybersecurity.
Commenting on the survey findings, Aaron Boissonnault, Navisite CISO, said, “The survey results support what we’re seeing across the board: organizations prioritized their security efforts during COVID, but at the same time, they’re acutely aware of how much more they need to do to effectively defend against cyber threats. The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals.”