Business security remains resilient in the wake of coronavirus, say CISOs

In its largest survey yet, ClubCISO interviews 158 security professionals to uncover, promote and support the critical role of information security in business.

ClubCISO, a global private members forum with an active community of over 500 Information Security leaders, powered by Telstra Purple, unveils the findings from its eighth annual Information Security Maturity Report. The report, which provides the current view of security issues facing businesses worldwide, indicates that years of innovation and hard work from CISOs have upheld security defences throughout COVID-19.

Existing security capabilities had remained strong over the pandemic, with less impact than anticipated before the crisis struck. However, new ways of working and a fragmented workforce have created unprecedented pressure on CISOs and their security teams. This year’s report once again shows stress and understaffed teams remain a key issue for CISOs and their employees, highlighting the need to address the growing skills gap the industry is facing.

Despite this, CISOs and security teams have reported positively on their organisations’ performance over the last year, citing improvements in overall security culture and resilience; 69% say their organisations’ security postures were improved or unchanged by COVID-19.

Business Resilience

COVID-19 has placed cybersecurity under the spotlight as new ways of working and threats have emerged. Despite this, 88% of CISOs surveyed believe their security capabilities have held up over the last twelve months – a much stronger result than when asked in the early days of the pandemic (77%). This shows the years of innovation and hard work to ensure rigorous capabilities has paid off for CISOs and their organisations.

COVID-19 has also provided CISOs with a unique opportunity to further support the need for change within their organisations and reinforce security as a key business function. In fact, we have seen a change at the board level in attitudes towards security. In 2021, 55% of CISOs say their boards take a balanced view, prioritising prevention and response in equal measure when it comes to their defences – a significant jump from 38% in 2020. In addition to this, 86% of CISOs believe their organisation now views security as being as important as they do; a considerable increase from 65% pre-pandemic.

However, we have seen criminals exploit the COVID-19  situation over the last twelve months. Remote working and the very nature of a fragmented workforce has led to an increase in entry points and vectors of attack that criminals can take advantage of. The most common vector of the attack reported was social engineering, including phishing, voice calls and whaling, (32%), followed by compromised credentials (25%).

Stephen Khan, Chair of ClubCISO said:

“This year, our ClubCISO Information Security Maturity Report highlights some significant improvements to global business security functions and improvements to organisations’  security culture. Though the pandemic has increased the risk of security breaches, with more sophisticated and numerous attacks taking place, security teams have adapted well and have used the unprecedented situation brought about by the pandemic to highlight the importance of security and increase their organisations’ understanding of it.”

Strong Security Culture

COVID-19 has reinforced the need for strong cybersecurity, and we have seen tangible, valuable improvements that show CISOs are making their organisations safer and better.  We have also seen an increase in CISOs driving measurable improvements in security training (58%) and, overall, much more comfort from CISOs on how their organisations view information security.

Encouragingly, 68% of CISOs agree their organisations now have a positive security culture, compared to only 45% in 2020. In addition, 61% of CISOs believe their organisations are making progress or feeling they exemplify best practice in security culture – a considerable increase from only 39% in 2020.

While positives can be drawn, CISOs still acknowledge the organisational culture and team subcultures as a major roadblock in driving the security agenda. Of those surveyed, 43% cite their organisation’s culture as a concern that affects their ability to deliver against objectives. CISOs must now continue to drive initiatives from the top; it is only this way that a strong, inclusive and knowledgeable environment can be fostered. 

The wellbeing of CISOs and security teams

Despite clear improvements in security culture and resilience, the pandemic has placed employees across the board under unprecedented stress levels. CISOs and security teams are no different; 64% of CISOs surveyed have experienced increased stress over the last 12 months. The report outlines a similar situation for their team; 6% of CISOs still report their team is experiencing ‘unbearable stress’, and 36% believe their teams’ stress negatively affects performance.

Team skills and resource shortages continue to be detrimental to the mental health of CISOs and their teams; 45% cite security team skills and resourcing greatly contribute to their stress levels, whilst 53% see insufficient staff as a key issue when delivering against objectives.

Stress continues to be a problem for the security community, and CISOs and organisations must work together to address this. On a more positive note, most CISOs surveyed ‘love’ their job, with 78% either agreeing or strongly agreeing.

Manoj Bhatt, ClubCISO Advisory Board Member and Head of Cyber Security Advisory at Telstra Purple said:

“Given today’s unrelenting threat landscape, CISOs have arguably the toughest jobs on the organisational chart. The CISO must be available to many different departments and remain ahead of the curve in an ever-changing threat landscape, across all areas of cybersecurity. This causes added stress which will filter down to members of the team.

“However, it’s encouraging to see that security is being taken even more seriously than before. Accelerated digital transformation during the pandemic has allowed projects to move at a faster rate, such as security awareness programmes, enabling remote access, and security monitoring. Confidence in the ability to meet security objectives has improved against last year too. Board members are realising the importance of balancing prevention and response capability, although it remains to be seen whether this has become an enduring sentiment in the boardroom. CISOs and board members must now continue to work and maintain those relationships beyond just crises and emergencies.”

READ MORE: 

Further building on robust foundations

This year’s report has clearly demonstrated how CISOs from across the globe have come together as a community to address key issues in the face of unprecedented adversity. Years of innovation and hard work have paid off, as security defences have stayed resilient during what has been a critical and challenging year for cybersecurity.

However, there is still more to be done. CISOs must continue to push forward in hiring from a diverse pool of talent and attract an inclusive team that can alleviate current pressures. In tandem, resilience will only remain if we nurture our own workforce. CISOs and their organisations must actively work to ensure their team’s mental well-being is a central focus.

The pandemic has bought us to a pivotal moment for the industry, and CISOs must ensure they keep security at the heart of their organisations to build on the good work that has been actioned over the last 12 months.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...