Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership. That’s according to research from cyber security solutions provider BSS, which explores ‘How CISOs can succeed in a challenging landscape’.
Of 150 UK-based information security decision makers surveyed for the report, under a third (28%) agreed that the value of their role was recognised by the board. Less than a quarter (22%) stated that they are actively involved in wider business strategy and decision making. And only one in 10 (9%) said information security is always in the top three priorities on the boardroom’s meeting agenda, identifying a worrying lack of buy-in to its importance for fundamental business operations.
Further to this, half (49%) agreed that there is a lack of C-level buy-in to the role of information security, with a third (32%) going as far as to say that there is no C-level buy-in at all. This poor attitude towards information security is highlighted by a notable 78% of respondents mentioning that high-profile security incidents have led to increased budget allocation and support – indicating investment for the wrong reasons.
Despite the increase in budget reported, half (55%) of CISOs surveyed say they are expected to spend their budget on what’s hitting the news headlines, rather than where it’s really needed. The value of the CISO’s input into where increased budgets are spent is not being recognised.