Survey: Majority of CISOs Aren’t Getting Cyber Investments They Want

Cybersecurity is top of mind for chief information security officers, but more than half (54%) do not feel their C-suite overseers or boards provide ample investment to deal with cyber concerns, according to a survey released June 8.

Conducted by U.K.-based security firm Encore.io, the survey polled 100 CISOs, 100 C-level executives and 500 office workers from the U.S. and U.K., and it suggests a gap between CISOs and other C-suite personnel regarding cyber risk and response. More than 60% of CISOs reported they did “not feel fully supported by the board in mitigating against security threats,” even as the severity and frequency of cyber attacks increase year over year. CISOs would prefer more proactive approaches to cybersecurity by overseers. Respondents indicated that 12% of C-suite executives only discuss cybersecurity “when a breach occurs,” which could be a costly approach given that the average data breach now costs upwards of $4 million.

More than three in four CISOs surveyed said they viewed employees “as a risk” to their organization’s cyber health, with more than one in three office workers using personal devices for work purposes. Good training may offset some of that risk, however; 94% of CISOs feel their company provides adequate cyber training.