Report: Only half of companies employ a CISO

According to a new report from managed cloud service provider Navisite, nearly half (45%) of companies surveyed do not employ a chief information security officer (CISO). However, 58% believe they should hire a CISO or CSO.

It’s no secret that cyberthreats are skyrocketing in volume. But are organizations putting the necessary leadership in place to prepare for and defend against them? Due to a noticeable lack of cybersecurity leadership, Navisite found that 60% rely on other parts of their organization outside the CISO/CSO or security team, including IT, executive leadership, and compliance.

The data highlighted in Navisite’s report showcases the impact of the ongoing cybersecurity skills shortage. Companies express a desire to fill these C-suite-level cybersecurity leadership positions; however, Navisite’s findings likely highlight the lack of talent available to make filling those positions a reality. In addition, Navisite says the data reinforces the fact that while many organizations did a lot to bolster their defenses during the COVID-19 pandemic, there is still work to be done in order to effectively defend against cyberthreats.

Above: Despite nearly half (45%) of organizations operating without a CISO or CSO, 58% believe they should hire someone to fill that role.

Image Credit: Navisite

In addition to a lack of cybersecurity leadership positions, 75% of organizations also reported an increase in overall threat volume over the last year, with ransomware (37%) and phishing/spear-phishing (33%) reported as the top cyberthreats.

To understand the state of cybersecurity leadership and readiness, Navisite surveyed 130 security, IT, and compliance professionals. The report also includes respondents’ thoughts on the volume and variety of threats they are facing, confidence levels in their work to defend against those threats, and opinions on cybersecurity spending.

Read the full report by Navisite.