Freely subscribe to our NEWSLETTER

With this in mind, the research’s finding that 76% of business executives rate their organisation’s IT strategy as excellent or good at protecting against cybersecurity threats seems like positive news. Yet in spite of this, the research also found that this might be misplaced confidence which is leading to complacency, with 84% of executives also saying that their organisation had suffered from data loss or a security incident in the last two years – highlighting the enormity of the task that CISOs face.

The research uncovered a number of interesting reasons why this might be happening. Less than half of respondents said they had definitely received training on data security, while only one in three were fully aware of the policies and procedures they should take to protect the security of their organisation’s data. As a result, a number of concerning behavioural trends were seen, with 45% of employees saying they’d suffered a security incident at work and not reported it, and perhaps even more worryingly, 15% saying they had given their work log-in and password to others in the organisation.

Regular cyber security training for employees is critical, not least because of the increasing importance that consumers are placing on security. The research found that nearly two thirds of consumers would recommend an organisation that makes a big effort to keep their data safe, and a similar number said that security is more important than convenience when choosing who to buy from. The capacity for security to act as a brand differentiator becomes even clearer with the finding that only 16% of consumers strongly trust large organisations to protect their personal data.

In light of these trends and attitudes, the role of the CISO is simultaneously more critical and more multifaceted than even before. Their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. In spite of this, the research found that less than half of executives and employees could put a name to their CISO (or equivalent), with a similar ratio of respondents saying that their CISO doesn’t actively communicate with the rest of the organisation.

Kevin Brown, Managing Director of BT Security, said: “This report provides a number of clear examples of how CISOs are expected to provide leadership across an ever-growing number of areas. The huge increase in the pace of digital transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against. As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”

Craig Jones, Director of Cybercrime at INTERPOL, commented: “The range and scale of cybercrime faced by governments, businesses and individuals is constantly growing. We firmly believe in working collaboratively across the public and private sector to make cyberspace a safer place, and this very much includes CISOs, who are often the first line of defence in responding to cyberattacks. This research from BT shows clearly the increasing responsibilities and expectations placed on the CISO today, and a number of clear steps they can take to improve their protections and our collective resilience.”