It seems to be at the moment anyone with a business and/or website, unfortunately, falls into the category of "likely to be a victim of a cyber attack".
That's why 56% of UK businesses plan to hire a chief information security officer (CISO) in the next 6-24 months, to help protect them from the increase in cyber attacks.
The government has already set out an initiative to combat cyber attacks but it seems companies are taking another proactive step towards cyber security, with the vision of employing a CISO.
According to the survey conducted by Fastly, only a quarter of businesses currently have a CISO, although there is significant variation across different industries. For example, 75% of organizations in the construction/engineering sector employ a CISO.
This report also highlighted the lack of clarity regarding the purpose and role of a CISO with over 30% of organizations believing that CISOs should have an in-depth, technical knowledge of all things IT.
Of those surveyed, it was interesting to see that 21% wanted to go beyond just hiring a CISO and want to invest further in cyber security professionals over the next 24 months.
Sean Leach, chief product architect at Fastly, commented: "Hiring a CISO is a crucial step in tackling the security threats facing organizations. However, they need to ensure this isn't just a box-ticking exercise and that they fully embed their CISO into the organization. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools."
More and more business leaders are realizing that cybersecurity isn't just a subset of IT, it's about building an in-depth strategy that extends to all corners of the business.
Recruiting a CISO
While many businesses are recruiting CISOs for the first time, the COVID pandemic has accelerated many companies' recruiting plans and it's no secret that finding and recruiting strong CISO candidates is far from easy.
An ever-growing talent pool of CISOs and cybersecurity professionals means an exciting job position can receive hundreds of applications within a couple of days.
But when it comes to hiring a CISO, businesses need to truly understand why they are doing so. Is it because they need someone to build a security infrastructure, to lead security strategy, or have they just been told they need to do so by the board of directors?
Different organizations require different skills of their CISOs, perhaps you're a smaller business that just needs a CISO to monitor the cyber aspects of IT and infrastructure. Other larger organizations have more complex cyber needs, and they'll likely require a CISO to lead the overarching security strategy.
Summary
The field of cyber security is growing at an exponential rate, and CISOs are taking on an increasingly wide range of responsibilities. Companies not only need to maintain security measures but they now also need to secure a remote workforce and build a security-minded company culture.
As cybercrime continues to grow, and organizations rely even more heavily on their digital infrastructure, strong leadership will be critical to ensuring the effective management of cyber risks.
Not ready for CISO? Make sure you are at least scanning for Vulnerabilities and scheduling regular penetration tests from 3rd parties to ensure your business security.
