Does your company employ a CISO? Many are operating without security leadership

45% of companies do not employ a Chief Information Security Officer (CISO), a Navisite research found. Of this group, 58% think their company should hire a CISO.

Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.

130 security, IT and compliance professionals were polled in the U.S. to determine their perceptions on the state of cybersecurity leadership and readiness within their organizations. More than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations between 100-5,000 employees.

Why you should employ a CISO?

• 21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.
• 75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.
• 80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
• 70% of respondents expressed confidence in the effectiveness of their cybersecurity program—but that confidence dropped to 58% for companies without a CISO.
• 47% of survey takers believe their company spends too little on cybersecurity.

“The survey results support what we’re seeing across the board: organizations prioritized their security efforts during COVID, but at the same time, they’re acutely aware of how much more they need to do to effectively defend against cyber threats,” said Aaron Boissonnault, Navisite CISO.

“The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals.”