96% of CISOs without necessary support to maintain cyber security

CISO in a cyber security operations center with two colleagues
(Image credit: Getty Images)

The vast majority of chief information security officers (CISOs) do not receive the executive support necessary to prevent cyber attacks, according to a new report.

As many as 96% of surveyed CISOs said they don’t have the tools needed to improve the security posture of their firms. 94% agreed that having the right tools could save significant time in their daily tasks.

Almost half (49%) of respondents indicated that their roles would be less difficult if employees understood how challenging cyber security is, and over a third (34%) pointed to lack of team talent as a top hurdle.

Tellix’s study surveyed more than 500 CISOs from companies with at least 1,000 employees from across the globe.

The results also showed that requisitioning is only part of the problem when it comes to cyber security posture.

Nearly one in two (44%) respondents reported that they would value access to a single enterprise tool through which security posture could be improved, instead of the 25 individual security tools that organizations use on average.

RELATED RESOURCE

Red whitepaper cover with title and logo above circular images of colleagues using laptops, and servers

(Image credit: Trend Micro)

Beat cyber criminals at their own game

A guide to winning the vulnerability race and protection your organization

DOWNLOAD FOR FREE

“We get tool exhaustion at some places where money is just thrown at tools and they’re only using a quarter of it,” said one CISO in the US public sector. 

“So having a unified security tool, that’s been built and understood by security people and CISOs and analysts and engineers, that understand their day-to-day work and activities when it comes to certain things is, I think, something that’s missing.” 

In the UK, 50 CISOs were surveyed and largely followed the trends indicated in the global results. 

One noteworthy divergence was the extent to which UK CISOs felt fully or mostly accountable for the major cyber security incidents they have overseen, with 80% indicating that they did against the lower global rate of 72%. 

UK churn rates were in line with worldwide figures, however, with 42% having experienced major attrition within their teams as a result of incidents compared to 43% across all global participants.

The report linked this high resignation rate to the pressure that security operations teams often fall under, with 86% of CISOs having presided over major security incidents overall.

“Faced with an increasingly complex and ever-evolving threat landscape, CISOs are often under-resourced and stretched too thin,” said Fabien Rech, SVP EMEA at Trellix

“This causes significant stress amongst 40% of SecOps teams across EMEA, with 43% experiencing major attrition as a result. As an industry, we have seen an observable bleed of talent as cybersecurity professionals are being asked to do more with less.”

In 2020, Nominet’s CISO stress report indicated that 48% of CISOs felt work stress was impacting their mental health, and in February 2023 Gartner stated almost half of cyber leaders could leave roles due to stress by 2025.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.