More than half of UK businesses plan to hire a CISO in the next two years

November 3, 2021

Fastly Inc., a global edge cloud platform provider, has researched the biggest security threats facing UK businesses today and in the next few years, to understand how businesses are looking to future-proof their systems. The research, based on insights from information security and IT professionals across 250 UK companies, revealed that only a quarter of businesses currently employ a CISO (Chief Information Security Officer), but a further 56% are planning to hire one within the next six months to two years. These dedicated leaders will help companies to understand and head off potential threats as efficiently and effectively as possible.

The research also found that certain sectors are ahead of the curve, with 75% of businesses in the construction/engineering sector already having a CISO in place, closely followed by local/national government (60%) and aerospace (50%).

The increased presence of CISOs across UK businesses demonstrates a rising interest in the importance of having strong security solutions in place. Despite it being a relatively new role, Fastly’s research shows the parameters of the CISO role are still unclear to many, with almost a third (31%) believing that CISOs should have an in-depth understanding of all areas of IT.

Furthermore, they often come under fire as the ‘scapegoat’ in difficult situations, with one in four claiming CISOs are too often blamed for things which are not their fault. However, perceptions of this differ greatly across sectors, with over 50% of businesses in the government, construction/engineering and aerospace sectors believing CISOs are often blamed for things that aren’t their fault, compared with just 18% in the technology and finance sectors.

Though UK businesses have identified the need for this lead security role, the job specification needs to be clear if the role is to be an effective step in future-proofing their technology. Fastly’s research also shows the role of the CISO is viewed very differently, with 23% believing that CISOs are stretched too thinly, 22% believing that they are overworked and underpaid and 19% even believing that they are not good enough value for money.

As part of this research, Fastly also identified the top five security issues that are going to be most costly for UK businesses over the next five years:

• Malware-based attacks (31%)

• Denial of service attacks (26%)

• Attacks targeting known vulnerabilities (25%)

• Attacks targeting unknown vulnerabilities (24%)

• Attacks exploiting the misconfiguration of an associated cloud service (24%)

Though the core role of the CISO should be to counteract these potential threats and more, UK businesses believe there is more investment needed to protect themselves over the next five years, with a particular focus on arming themselves against attacks on cloud services (30%), COVID-19 phishing schemes (26%) and use of multi-factor authentication.

In addition to the rise in CISOs, one in five businesses also want to invest in further cybersecurity professionals (21%) and to address the impact of remote working on company and employee security moving forward (18%).

In terms of future-proofing business technology, many are also concerned by the rise of AI (17%), data privacy (18%) and insider threats (16%). 

Speaking about the increased prevalence of the CISO role and the intended investment in security in the coming years, Sean Leach, Chief Product Architect at Fastly said: “Hiring a CISO is a crucial step in tackling the security threats facing organisations. However, they need to ensure this isn’t just a box-ticking exercise and that they fully embed their CISO into the organisation. This will come from a joint investment in both dedicated personnel, with clear and defined roles, paired with robust and adequate security tools.

“These findings show that, whilst businesses are beginning to understand how growing their digital offering will increase potential threats, they still need to increase the security offerings that protect those technologies, otherwise the results can be catastrophic.”

The survey was conducted among 251 information technology (IT)/information security or application development/software engineering professionals in 500+ UK companies. The interviews were conducted online by Sapio Research in July 2021 using an email invitation and an online survey. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. In this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 6.2 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.

For more information, visit: www.fastly.com
