Businesses are continuously adding cybersecurity-focused individuals to their executive leadership, according to a new cybersecurity study conducted by IDG Communications. In numbers, 67% of organizations say that they have a CISO, CSO, or other top security executive.
IDG Communications has recently released its 2021 IDG Security Priorities report. The research covers the security-related priorities that IT and security leaders will focus on in the coming year. The study provides insights into the structure of security organizations, the variety of risks that businesses face, and the specific cybersecurity solutions they are investing in to tackle these types of threats.
Status of Security and Responsibilities
The latest research found that businesses are continuously adding cybersecurity-focused individuals to their executive leadership. In numbers, 67% of organizations say that they have a CISO, CSO, or other top security executive. These executives are also seeing their reporting structures elevated, as they report directly to the Board of Directors and the CEO. Around 44% of security leaders said that they report directly to the CEO, and 21% report to the Board of Directors.
As businesses seek to strengthen their risk management efforts, the research shows that security leaders are being handed the reins of physical security. 57% of security leaders say they are involved in IT and corporate/physical security decisions, up from 52% in 2020.
Around 22% of security leaders say that these responsibilities have been integrated into their role within the past three years, while 43% said that it has been an essential part of their role for more than three years. An additional 11% of security leaders expect physical security to become part of their duties within the next 12 months.
Insight Into Security Incidents and Shortfalls
Overall, 91% of security leaders report that they have a good understanding of the causes of the cybersecurity incidents that occurred in the past. However, this growing awareness has not resulted in reduced risk. On one hand, businesses are getting better at identifying the root causes of their security incidents. On the other hand, 90% of businesses believe that they are not well prepared for cyber risks. The major issues cited by security leaders are:
- 30% of businesses face difficulty convincing all parts of their organization to take rigid action against the risks they are exposed to
- 29% of them are not investing enough resources to address the risks
- 27% of them are not proactive enough when it comes to their cybersecurity strategy
Bob Bragdon, SVP and Worldwide Managing Director/CSO at IDG, said that businesses are growing to rely more on their OT environments, binding them into their IT environments to authorize business efficiencies. He also said that they are more likely to see attacks against IT flow over into OT, just like what we saw with the Colonial Pipeline. He further said that risk areas like the ones mentioned would continue to drive security leaders’ focus on creating resilience to address the variety of threats they face.