I am pleased to reveal that we’re launching our new research report, ‘How CISOs can succeed in a challenging landscape – Reimagining information security resilience and recovery in 2023.’
At BSS we understand how complex the role of CISOs has become and the increasing pressure to deliver tailored information security strategies that defend organisations from a continuously changing threat landscape. We know it’s high time for realistic conversations to be had about business objectives and the tailored security solutions needed to meet them.
So, for this research we’ve gleaned insights from 150 CISOs, detailing their priorities, challenges, budgets, and the state of C-Suite buy-in in information security. With this new insight we want CISOs to be able to benchmark against their peers to highlight the need for investment in information security and most importantly for more CISO voices to be heard in the boardroom.
Read on for a summary of our findings, tips for success in 2023 and beyond, as well as the full research report available for download.
Top CISO challenges
Misguided budget expectations
We were encouraged to find that many CISOs (61%) are experiencing a notable increase in funding but it seems this is accompanied by impractical expectations, with threats to the business not appearing to be fully understood by the budget holders.
Over three quarters of CISOs (78%), have received extra budget after high-profile cyber incidents. However, this knee-jerk reaction leads to over half (55%) having to spend money on what’s hitting the headlines instead of strategic investment in security defences.
This lack of understanding as to information security measures businesses actually need shows there is significantly more work to be done to ensure that information security receives the attention it deserves, especially in the boardroom.
No voice in the boardroom
Just 1 in 10 (9%) of CISOs surveyed said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Again, suggesting a significant lack of awareness and understanding of the importance of information security to business performance.
This level of prioritisation for information security is unacceptable. In a world of evolving threats that can result in significant financial and reputational penalties, CISOs are a vital enabler to commercial operations.
Talking of penalties, regulations are another top CISO challenge. The need to comply with the pace and variety of regulations issued by both the government and industry bodies like the Financial Conduct Authority (FCA), is relentless. Almost two thirds (64%) of respondents said regulations change before they can meet previous requirements, with nearly a third (29%) noting this is a significant challenge.
While daunting, CISOs can leverage this increasing scrutiny and use the fact that financial penalties and brand reputation are on the line to make the case for the resources and investment they need from the C-Suite.
Supply chain security
On top of regulations, challenges managing complex third-party supply chains only increase in organisations with larger security budgets.
The need for businesses to develop frameworks that effectively assess and understand supply chain risks and detail implementation and necessary changes is paramount. Over a quarter of respondents (27%) admit they are locked into long-term and/or expensive supplier contracts, but suppliers need to be kept accountable and meet your organisation’s requirements.
The shortage of talent with information security skills is hindering CISOs from expanding permanent headcount. In fact, nearly half (48%) of respondents agree that their organisation suffers from a lack of expertise. Aligned to the above supply chain risks, the biggest shortfalls of skills were in third-party assessment, risk assessment and assurance, and cloud engineering.
Moreover, nearly two-thirds (62%) noted at least a quarter of their permanent headcount isn’t based in the UK, which highlights a deficit when it comes to knowledge of local regulations, compliance, and risk. Fortunately, third party solutions providers like us exist to take some of the pain away.
Solving your problems
By working with BSS, CISOs can bolster information security defences and address top priorities and challenges without oversaturating in-house teams.
The beauty is that we can help with whatever challenge an organisation has. Whether CISOs need to assess their organisation’s supply chain, manage regulation, deliver a full-scale risk management programme, or develop long-term change management processes – we have the right people to help. We excel in delivering tailored solutions to address specific business requirements.
You can read and download the full ‘How CISOs can succeed in a challenging landscape’ report below.
In doing so, you’ll learn more about:
- The top investment priorities for CISOs in 2023
- The pressing challenges they face in their work
- How CISOs can gain more influence in the boardroom
- The benefits of full-service risk and information security providers