Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership. That’s according to research from cyber security solutions provider BSS, which explores ‘How CISOs can succeed in a challenging landscape’.
Of the 150 UK-based information security decision makers surveyed, under a third (28%) agreed that the value of their role was recognised by the board. Less than a quarter (22%) stated that they are actively involved in wider business strategy and decision making. And only one in 10 (9%) said information security is always in the top three priorities on the boardroom’s meeting agenda, identifying a worrying lack of buy-in to its importance for fundamental business operations.
Further to this, half (49%) agreed that there is a lack of C-level buy-in to the role of information security with a third (32%) going as far to say that there is no C-Level buy-in at all. This poor attitude towards information security is highlighted by a notable 78% of respondents mentioning that high-profile security incidents have led to increased budget allocation and support – indicating investment for the wrong reasons.
Despite the increase in budget reported, half (55%) of CISOs surveyed say they are expected to spend their budget on what’s hitting the news headlines, rather than where it’s really needed. The value of the CISOs input in where increased budgets are spent is not being recognised.
Speaking about the new research, BSS Director, Chris Wilkinson said: “CISOs need a seat at the table. Such a poor level of prioritisation for information security is unacceptable in a world of evolving threats that can result in significant financial and reputational penalties.
“CISOs need to be forceful and use business impact as ammunition to give them leverage in the boardroom to receive the resources and investment they need. It’s high time CISOs are acknowledged as a vital enabler to commercial operations, with information security a part of every business decision.”
To find out more about the new research and download your own copy, visit the BSS website here.
The post The importance of CISOs is not recognised by senior leadership appeared first on IT Security Guru.