The ever-growing role of the CISO
The role of the CISO has significantly expanded in its scope and responsibilities. With cyber security heading the priority list for organisations during the COVID-19 pandemic, CISOs have never been more integral to business operations.
This was one of the key findings of a global survey conducted by BT Security, in partnership with Davies Hickman Partners, which canvassed the opinions of over 7 000 business leaders, employees and consumers from across the world.
The survey revealed that 76% of business executives rate their organisation’s IT strategy as excellent or good at protecting against cyber security threats. However, the report cautions that this might be misplaced confidence, which is leading to complacency, with 84% of executives also saying that their organisation had suffered from data loss or a security incident in the last two years.
Not enough training
According to the report, there are a number of reasons why this might be happening. Less than half of respondents claimed to have received training on data security, while only one in three said they were fully aware of the policies and procedures they should follow to protect the security of their business’s data.
This resulted in a number of concerning behavioural trends, with 45% of employees saying they had suffered a security incident at work and not reported it, and more worryingly, 15% saying they had shared their work log-in and password with others in the organisation.
Regular cyber security training for staff members emerged as critical, largely due to the growing importance that consumers are placing on security. The survey found that nearly two thirds of consumers would recommend an organisation that makes a concerted effort to keep their data safe, and a similar number viewed security as more important than convenience when selecting who to buy from.
It became clear that security is a brand differentiator with the finding that only 16% of consumers strongly trust large organisations to protect their personal data.
A critical, multi-faceted role
According to BT, these trends and attitudes highlight how the role of the CISO is more critical and multifaceted than ever before.
CISOs are no longer only tasked with protecting against threats and managing risk – they are expected to play a key role in managing brand perception, employee engagement and the strategic adoption of new technologies.
Despite this, the survey found that less than half of executives and employees could put a name to their CISO (or equivalent), with a similar ratio of respondents saying that their CISO doesn’t actively communicate with the rest of the organisation.
“This report provides a number of clear examples of how CISOs are expected to provide leadership across an ever-growing number of areas,” said Kevin Brown, MD of BT Security. “The huge increase in the pace of digital transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against. As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”
Craig Jones, director of Cybercrime at INTERPOL, said that the variety and scale of cyber crime faced by governments, businesses and individuals is always growing.
“We firmly believe in working collaboratively across the public and private sector to make cyber space a safer place, and this very much includes CISOs, who are often the first line of defence in responding to cyber attacks,” added Jones.