In a new report by Fastly, an edge cloud platform provider, it has found a consolidated Chief Information Security Officers (CISOs) hiring increase in 2023, after 120% growth in the preceding year.
According to the company, this means 73% of UK and Irish businesses now have a CISO and a further 15% are planning to hire one in the next two years.
However, despite efforts to bolster C-level security positions, Fastly’s data suggests there is still a lack of understanding of the role.
For example, nearly a third (27%) of IT leaders surveyed by Fastly think CISOs are blamed too often for things that are not their fault.
Coming under fire as a ‘scapegoat’ in difficult situations has not changed for the CISO over the past two years – 1 in 4 (25%) believed this in 2021 and 30% in 2022.
IT professionals are still struggling to identify the exact roles and responsibilities and expectations of the CISO differ across the industry.
Nearly two in five (39%) IT leaders believe that CISOs need to have an in-depth understanding of all areas of IT – a decrease from over half (54%) who believed this in 2022.
Similarly, 23% felt they were given too much legal and operational responsibility.
This again represents a decrease compared to 2022, when 34% of survey respondents agreed with this statement.
“Facing – and trying to plan for – unprecedented cybersecurity challenges in 2024, UK businesses have consolidated efforts to hire a professional able to take charge of cybersecurity strategy,” said Marshall Erwin, CISO, Fastly.
“Though, our data suggests there still exists confusion over what the role of the CISO’s actually entails.
“This disparity of opinion highlights how the role has evolved in recent years, particularly with challenges to organisation’s security postures and growing threat landscape.”
The lack of understanding surrounding the CISO role is impacting perceptions of its usefulness.
A quarter of IT leaders believe (24%) CISOs are overworked and underpaid, but nearly a fifth (18%) see them as poor value for money.
“Traditionally, the CISO role involved staying within the confines of IT and risk management.
“But in 2024 CISOs are increasingly seen as business leaders responsible for the strategic direction of an organisation’s cybersecurity strategy, which is where this lack of understanding about the role arises.
“Within two years, the majority of UK and Irish businesses will have filled the CISO role.
“For them to work effectively, there is clearly a need for organisations to develop greater understanding of the role amongst IT departments.”