BlueFort Security has announced the results of its 2022 CISO survey, which revealed that while CISOs are still experiencing challenges around visibility, intelligence and control, 47% are proactively focused on digital transformation and cloud migration.
BlueFort Security surveyed 600 CISOs from a variety of UK organizations and found most have moved beyond the challenges of the widespread shift to remote working – which resulted in severely limited visibility, intelligence and control – and are now focused on digital transformation and migration to the cloud, despite a chaotic world and bleak economic environment.
88% of CISOs say cybersecurity has become more of a priority for their Board over the last 12 months. And while 37% of CISOs still have their cybersecurity budget defined as a subset of their organization’s general IT budget, 58% of CISOs expect world events to cause an increase in their cybersecurity budget over the next budget cycle.
CISOs focusing on cloud transformation
CISOs are looking to the future. When asked about the areas their departments are prioritising their time and budget, CISOs said they are accelerating digital transformation (47%) and ensuring cybersecurity protection is fit for purpose for the future (46%).
Enabling cloud transformation is now a key focus area for UK security leadership. With 57% of organizations using multiple clouds and 37% using a single cloud environment, CISOs now have a clear focus – secure the cloud and secure the (primarily cloud-based) applications. However, while progress has been made in securing these environments, 52% of CISOs are confident they are able to fully enforce a consistent security policy across all applications in the cloud. 42% can only partially enforce cloud application security policies, while 5% are unable to at all.
This challenge is likely to remain front and centre for CISOs over the next 12 months as their organizations continue along their digital transformation journeys, with 52% stating they will be moving applications to the public cloud, migrating apps from one cloud to another and replacing legacy systems with SaaS applications. And, while 62% of CISOs say their organization is using a cloud security posture management tool, 52% are manually standardising and enforcing security policies in their public cloud environments for each application.
Improving, but still poor, visibility: UK CISOs still lack visibility, intelligence and control over much of their organization’s estate, but relative to 12 months ago, the situation is improving. However, 57% of those surveyed admitted that they do not know where some or all of their data is, or how it’s protected. CISOs were most likely to cite an increase in data that is not backed up as a top security challenge over the last 12 months, with an increase in dormant email accounts also presenting challenges. 36% lack visibility of movers, joiners and leavers – an increase on last year – which highlights the ongoing complexities of managing a hybrid workforce.
The talent gap remains: The human element remains a key challenge for CISOs, and this is a double-edged sword. Employees continue to be the ‘weak link’ in effective security strategies, particularly when it comes to keeping track of people, their devices and their data. 45% leave their computer logged in without being on it and use their work computer for personal use, while 43% delete suspicious emails without flagging them to IT and connect to public WiFi sources. Meanwhile, 84% of CISOs are actively recruiting to fill a skills shortage, while 87% of CISOs are looking to outsource to help fill this gap. 85% of CISOs struggle to retain cybersecurity staff and 84% have just enough resources to cope with the basics of cybersecurity.
Consolidation of tools is critical: While adding more technology during the overnight shift to remote working temporarily solved some of the issues, it has likely diluted team attention spans and has led to more longer-term problems. When asked about barriers inhibiting adequate defence against cyber threats, 37% of CISOs cited a lack of collaboration between separate departments and low security awareness among employees (35%).
Reliance on third parties has increased: These challenges are compounded by the lack of available talent and limited expertise within existing security teams. This skills gap remains a key challenge and is reflected in the move to outsource and rely on external skills support, with trusted partners most likely to be relied on (42%) to navigate the complex cybersecurity solutions market. This support is even more important during a security incident, with 41% of CISOs whose organization had suffered a breach relying on an external incident response firm and 44% using third parties to deal with stolen data following a breach.
“This year’s BlueFort CISO survey has a positive message – CISOs know the direction they need to go, even if they don’t know exactly which steps they will need to take to get there. The reality is CISOs are under huge pressure to deliver visibility, intelligence and control for their organizations while navigating the Wild West of the cyber landscape. CISOs are faced with finding order in chaos – all while the sector-wide talent shortage means security teams are doing more with less,” said Dave Henderson, CEO Sales and Marketing at BlueFort Security.
“Visibility is still one of the most pressing issues facing CISOs and a key element of this is assessing their estate, establishing which cybersecurity solutions they have and consolidating technology. The net result is that many CISOs are undertaking a significant declutter, getting rid of no-longer-used, oftentimes duplicate tools. Put simply, they are learning what they can live without,” continued Henderson.
“The industry is in a strong position moving into 2023. While CISOs recognise the ongoing skills shortage and the ever-changing threat landscape, they now have a clearer idea of where they are, what challenges they are facing, and which gaps they need to fill. There are certainly challenges ahead, but this survey demonstrates CISOs remain laser-focused on consolidation and collaboration. As they continue to reconcile their tools – removing those that deliver minimal value and prioritising best-in-breed solutions – CISOs will be well-placed to protect their organizations over the next 12 months,” concluded Henderson.