The coronavirus pandemic has put cybersecurity under a renewed spotlight. New ways of working and a fragmented workforce have challenged CISOs and their security teams; as the threat landscape has grown, nefarious actors have jumped at the chance to exploit the ever-fluid situation.
We have seen attacks grow in frequency and sophistication. Telstra’s Agility Report, which surveyed 500 senior IT and business decision makers across Europe, was released earlier this year and revealed that over half (65%) of respondents saw a dramatic rise in cyberattacks on their organisation during the pandemic. In addition to hacking efforts, businesses reported increased pressure from phishing (44%), fake contact tracing apps and calls (43%) and ransomware (43%), with the greatest increase in incidents in the energy, oil, gas and utilities sector (80%).
Despite this, the findings from ClubCISO’s eighth annual Information Security Maturity Report are positive. The report indicates that years of innovation and hard work from CISOs have in fact resulted in security defences that held up throughout COVID-19.
The Information Maturity Report showed 88% of CISOs surveyed believe their security capabilities have held up over the last twelve months – a much stronger result than when asked in the early days of the pandemic (77%). In addition, 55% of CISOs say their boards take a balanced view, prioritising prevention and response in equal measure when it comes to their defences – a significant jump from 38% in 2020. 86% of CISOs also believe their organisation now views security as being as important as they do; a considerable increase from 65% pre-pandemic.
This shows the unique opportunity COVID-19 has afforded CISOs to further support the need for change within their organisations and reinforce security as a key business function. CISOs have successfully built and maintained defences that have held up at one of the most crucial times for businesses in recent memory. This resilience has helped organisations navigate the pandemic and minimise the risk of both reputational and economic damage.
The report shows tangible, valuable improvements in security culture and in the ways CISOs are making their organisations safer, even though the engagement model may have changed. Encouragingly, 68% of CISOs agree their organisations now have a positive security culture, compared to only 45% in 2020. In addition, 61% of CISOs believe their organisations are making progress or feel they exemplify best practice in security culture – a considerable increase from only 39% in 2020.
However, despite clear improvements in security culture and resilience, the pandemic has placed employees across the board under unprecedented levels of stress. Today’s unrelenting threat landscape means CISOs have one of the toughest jobs on the organisational chart, having to deal with securing companies that might have been through rapid transformational change.
64% of CISOs surveyed have experienced an increase in stress over the last 12 months and the report outlines a similar situation for their team; 6% of CISOs still report their team experiencing ‘unbearable stress’ and 36% believe the stress their teams are under negatively affects performance.
Alongside this, team skills and resource shortages continue to be detrimental to the mental health of CISOs and their teams; 45% say security team skills and resourcing greatly contribute to their stress levels, whilst 53% see insufficient staff as a key issue when delivering against objectives.
This year’s ClubCISO report clearly demonstrates how CISOs from across the globe have come together as a community to address key issues in the face of unprecedented adversity.
However, there is always more to be done. CISOs must continue to push forward in hiring from a diverse pool of talent and attract an inclusive team that can alleviate current pressures. Moreover, CISOs and their organisations must actively work to ensure the mental wellbeing of their team is a central focus.
The pandemic has brought us to a pivotal moment for the industry and CISOs must ensure they keep security at the heart of their organisations and continue to build on the good work that has been actioned over the last 12 months.