Security News > 2021 > November > Does your company employ a CISO? Many are operating without security leadership
45% of companies do not employ a Chief Information Security Officer, a Navisite research found.
Of this group, 58% think their company should hire a CISO. Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.
Why you should employ a CISO? 21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.
80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
70% of respondents expressed confidence in the effectiveness of their cybersecurity program-but that confidence dropped to 58% for companies without a CISO. 47% of survey takers believe their company spends too little on cybersecurity.
"The survey results support what we're seeing across the board: organizations prioritized their security efforts during COVID, but at the same time, they're acutely aware of how much more they need to do to effectively defend against cyber threats," said Aaron Boissonnault, Navisite CISO. "The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals."