Survey Reveals UK CISOs Driving Blindfolded – With Restricted Visibility, Intelligence and Control

An overwhelming percentage (75%) of CISOs consider their organisation to be at greater risk of a cybersecurity attack due to the transition to home working, with a third admitting they’ve taken their eye off the ball during these past 12 months, losing track of leavers and devices, according to a new survey from BlueFort Security (@BlueFortSec), a provider of cybersecurity solutions.

The study, which surveyed 600 CISOs from a variety of UK organisations, found that the combination of the COVID-19 pandemic, the resulting accelerated shift to digital, and the ongoing skills gap has created a perfect cybersecurity storm, leaving them more vulnerable to attacks than ever before.

As a consequence of squeezed budgets and priorities, 30% of CISOs have lost track of movers, joiners and leavers. Moreover, 29% have said they are missing corporate devices. Over a quarter (27%) of CISOs surveyed said gaps in staff cybersecurity awareness and knowledge have emerged, and the same percentage (27%) said the same of concerns regarding supply chain partner cybersecurity.

More than three quarters (77%) of CISOs admitted their business had experienced a cybersecurity incident in the last 12 months. This is despite the fact that almost the same percentage (74%) said their organisation had introduced additional cybersecurity measures due to remote working. Almost half (47%) said that mitigating cybersecurity threats had been their key priority and 41% prioritised identity and access management over the same period.

Looking to the future, once COVID restrictions have eased, 38% of CISOs expect their organisation to work in a hybrid way (between workplace and home). As a direct result, the majority (85%) of CISOs believe managing cyber risk will become more complicated. For example, nearly half (44%) think their company should introduce a rigorous enforcement of cybersecurity policies and sanctions to encourage tighter cybersecurity practices. Other reasons given include: managing a remote workforce is more difficult (30%); the threat surface is more disparate and diverse due to hybrid or remote working (26%); it will be less clear where the end-points data is (24%); and there are more threats to worry about (20%).

On a positive note, almost 9 in 10 (89%) respondents state that cybersecurity has become more of a priority to their Board in the last 12 months, and CISOs are investing in new technologies to help address these emerging challenges. 35% are looking at automation, 34% at machine learning, and the same percentage (34%) at network detection and response. 32% of CISOs are looking to deploy zero trust architecture and the same percentage (32%) said end-point detection and response. 27% of CISOs said they are looking to deploy AI.

Ian Jennings, co-founder of BlueFort Security, commented:

“The fact that CISOs have had a particularly tough time these past 18 months isn’t a surprise. What shocked me was the severity of the impact. It’s a sorry tale of a lack of visibility – of their infrastructure, their devices and their people – which has led to poor intelligence and restricted control. The positive takeaway from this is the recognition that new technology will play a significant role when it comes to redressing the balance.” 