Nearly half of firms still don’t have a CISO

Lack of leadership hurts their confidence

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Despite cyber assaults such asransomwarerising in numbers over recent years, many organizations still don’t have a Chief Information Security Officer (CISO). What’s more, some of them are under the impression that they don’t even need one, with others saying they are struggling to find the right candidate due to the growing skills gap and the so-called “Great resignation”.

A new report published by Navisite surveying 130 security, IT, and compliance professionals found that almost half (45%) don’t employ a CISO. Of that group, just a slim majority (58%) think they should have one in the team.

Most organizations have a cybersecurity strategy, but for the majority (60%), it was developed by teams and people other than the CISO - it was either the IT department, compliance department, or executive leadership.

In fact, some companies (21%) don’t even have a person dedicated solely to cybersecurity, at all, while most of them (75%) experienced an increase in overall cybersecurity threat volume in the past 12 months.

Instilling confidence

Not having an executive to handle cybersecurity hurts the confidence of these companies, the report further said. Among firms with a Chief Security Officer, 70% were confident in the effectiveness of their strategies, while among those without one - 58% were confident.

Finally, many respondents would love to see their organization spend a little more money oncybersecurity solutions, staff, and training.

“The survey results support what we’re seeing across the board: organizations prioritized their security efforts during Covid, but at the same time, they’re acutely aware of how much more they need to do to effectively defend against cyber threats,” said Aaron Boissonnault, Navisite CISO.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well