New research finds that the expectations of Chief Information Security Officers have never been greater

BT Security’s largest ever research project identifies the major trends that are changing the role of the CISO, and some worrying behaviours that show the need for a strategic response

BT Security has published the results of a global survey which canvassed the opinions of over 7000 business leaders, employees and consumers from across the world. The research, conducted in partnership with Davies Hickman Partners, found that in a rapidly changing business environment, the role of the CISO has hugely expanded in its scope and responsibilities. With the research also identifying security as the top priority for businesses after coronavirus, CISOs have never been more integral to business operations.

With this in mind, the research’s finding that 76% of business executives rate their organisation’s IT strategy as excellent or good at protecting against cybersecurity threats seems like positive news. Yet the research also found that this confidence might be misplaced and leading to complacency: 84% of executives also said that their organisation had suffered from data loss or a security incident in the last two years, highlighting the enormity of the task that CISOs face.

The research uncovered a number of interesting reasons why this might be happening. Fewer than half of respondents said they had definitely received training on data security, while only one in three were fully aware of the policies and procedures they should follow to protect the security of their organisation’s data. As a result, a number of concerning behavioural trends were seen, with 45% of employees saying they’d suffered a security incident at work and not reported it, and perhaps even more worryingly, 15% saying they had given their work log-in and password to others in the organisation.

Regular cyber security training for employees is critical, not least because of the increasing importance that consumers are placing on security. The research found that nearly two thirds of consumers would recommend an organisation that makes a big effort to keep their data safe, and a similar number said that security is more important than convenience when choosing who to buy from. The capacity for security to act as a brand differentiator becomes even clearer with the finding that only 16% of consumers strongly trust large organisations to protect their personal data.

In light of these trends and attitudes, the role of the CISO is simultaneously more critical and more multifaceted than ever before. Their job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies. In spite of this, the research found that fewer than half of executives and employees could put a name to their CISO (or equivalent), with a similar ratio of respondents saying that their CISO doesn’t actively communicate with the rest of the organisation.

Kevin Brown, Managing Director of BT Security, said: “This report provides a number of clear examples of how CISOs are now expected to provide leadership across an ever-growing number of areas. The huge increase in the pace of digital transformation during 2020 has not only further erased the traditional parameters of the role, but also intensified the scale and complexity of threats to protect against. As a result, CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”

Craig Jones, Director of Cybercrime at INTERPOL, commented: “The range and scale of cybercrime faced by governments, businesses and individuals is constantly growing. We firmly believe in working collaboratively across the public and private sector to make cyberspace a safer place, and this very much includes CISOs, who are often the first line of defence in responding to cyberattacks. This research from BT shows clearly the increasing responsibilities and expectations placed on the CISO today, and a number of clear steps they can take to improve their protections and our collective resilience.”

The full report, which also provides a number of recommendations around how organisations can improve their security posture, is available to view here: https://www.globalservices.bt.com/en/insights/whitepapers/cisos-under-the-spotlight

For further information on how BT can secure your organisation, visit: www.bt.com/security  

About BT

BT Group is the UK’s leading telecommunications and network provider and a leading provider of global communications services and solutions, serving customers in 180 countries. Its principal activities in the UK include the provision of fixed voice, mobile, broadband and TV (including Sport) and a range of products and services over converged fixed and mobile networks to consumer, business and public sector customers. For its global customers, BT provides managed services, security and network and IT infrastructure services to support their operations all over the world. BT consists of four customer-facing units: Consumer, Enterprise, Global and its wholly-owned subsidiary, Openreach, which provides access network services to over 650 communications provider customers who sell phone, broadband and Ethernet services to homes and businesses across the UK.

For the year ended 31 March 2020, BT Group’s reported revenue was £22,905m with reported profit before taxation of £2,353m.

British Telecommunications plc is a wholly-owned subsidiary of BT Group plc and encompasses virtually all businesses and assets of the BT Group. BT Group plc is listed on the London Stock Exchange.

For more information, visit www.bt.com/about