55% of UK businesses now have a CISO, compared to only 25% at the end of 2021

According to Fastly research there has been a Chief Information Security Officers (CISOs) hiring boom in the last 12 months, with over twice as many more UK companies now having a CISO than in 2021. This means that 55% of UK businesses now have a CISO, compared to only a quarter at the end of 2021.

However, despite UK organisations’ enthusiasm for CISO hiring, Fastly’s data suggests there is still significant misunderstanding of the role – and that this is getting worse. For example, nearly one in three (30%) IT leaders surveyed by Fastly saw CISOs coming under fire as the ‘scapegoat’ in difficult situations, and being regularly blamed for things that weren’t their fault – an increase from 1 in 4 (25%) who believed this in 2021.

Even within IT departments, professionals are struggling to identify the exact roles and responsibilities of the CISO. More than half (54%) of IT leaders believe that CISOs need to have an in-depth understanding of all areas of IT. This again represents an increase compared to 2021, when 31% of survey respondents agreed with this statement. Similarly, over a third (34%) felt they were given too much legal and operational responsibility, which is a key part of the CISO role.

Fastly’s Chief Product Architect, Sean Leach commented: “In the face of ever-increasing cybersecurity risk, UK businesses clearly see the need for a professional able to take charge of cybersecurity strategy. However, our data suggests organisations may have unrealistic expectations of this person – or misunderstand their role in the business. CISOs are cybersecurity leaders, but this is a simplification of their role within a business. Yes, their remit includes assessing and balancing security strategy, but they need to be able to do this in the context of the business’s wider strategic goals.”

The lack of understanding surrounding the CISO role is also impacting perceptions of its usefulness. A quarter of IT leaders believe (25%) CISOs are overworked and underpaid, but nearly a fifth (18%) see them as poor value for money.

Mr Leach continued: “CISOs are becoming an increasingly visible board position, but for them to work effectively, organisations need to understand that their role is a balancing act. Robust cybersecurity is paramount – but they also need to ensure this does not overly compromise business agility, or the experience of customers and employees. There is clearly a significant need for organisations to develop widespread understanding of the role of the CISO. If they fail to do so, talented but frustrated professionals will move on – and cybersecurity postures will suffer.”

This research surveyed over 1,400 key IT decision makers in large organisations spanning multiple industries across North America, Europe, Asia-Pacific and Japan. The survey included 203 IT decision makers in organisations with more than 500 employees across the UK and Ireland. Fastly has taken a deep dive into why current cybersecurity strategies are inadequate to deal with the modern threat landscape – and offered concrete advice into how businesses can ensure their preparedness – in its recent report Fighting fire with fire: Cybersecurity strategies are suffering as a result of complexity, which you can download here