45 Percent of Companies Don’t Have a Chief Information Security Officer

45 Percent of Companies Don't Have a Chief Information Security Officer

According to a new report by Navisite, 45 percent of companies don’t employ a Chief Information Security Officer (CISO). This information comes from the State of Cybersecurity Leadership and Readiness report based on a survey of 130 security and IT professionals in the United States. The report revealed just how many companies still lack the proper cybersecurity personnel on board.

ALERT: Our Buyer’s Guide for SIEM helps you evaluate the best solutions for your business use case and features profiles of the leading profiles, as well as a category overview of the marketplace and a Bottom Line Analysis for each vendor profile.

TechTarget defines a CISO as “a senior-level executive responsible for developing and implementing an information security program” — an essential position for any company. However, Navisite’s research shows that 45 percent of companies don’t employ a CISO. Worse, 21 percent answered that they don’t have a dedicated cybersecurity staff or employee, indicating how unprepared companies are to deal with targeted security attacks.

60 percent of companies rely on positions within the company besides the CISO/security team (IT, executive leadership, and compliance) for developing a cybersecurity strategy. While non-security professionals may be able to deal with simple threats, the cybersecurity threat landscape is anything but simple. Considering 75 percent of organizations experienced an overall increase in threat volume within the past year, it’s clear that this approach isn’t working.

In the company’s press release on the survey, Navisite CISO Aaron Boissonnault stated:  “The survey results support what we’re seeing across the board: organizations prioritized their security efforts during COVID, but at the same time, they’re acutely aware of how much more they need to do to effectively defend against cyber threats. The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals.”

Download your copy of the State of Cybersecurity Leadership and Readiness report here.


Daniel Hein