CFOtech Australia - Technology news for CFOs & financial decision-makers
Story image

Australian firms struggle to understand CISO role, says Fastly

Thu, 2nd May 2024

A recent survey by global edge cloud platform provider Fastly has found that an increasing number of Australian businesses now have a Chief Information Security Officer (CISO) role, with 81% of businesses employing a CISO and an additional 11% planning to hire one in the next two years. Despite this, there appears to be a significant lack of understanding about the CISO's roles and responsibilities.

This lack of comprehension extends to IT leaders, with just 42% of such individuals considering a CISO crucial for the protection of businesses from threats. Furthermore, under half (45%) of IT leaders surveyed believe that a CISO needs comprehensive knowledge across all areas of IT. The survey found that almost three in ten (27%) respondents think that too much legal and operational responsibility is being given to CISOs.

The research also uncovered interesting perspectives on the blame game in the IT industry. A quarter of IT leaders have indicated that CISOs are too often held accountable for cyber security breaches that are beyond their control. In contrast, 22% believe that security managers and engineers are unfairly blamed. Over one in ten participants in the survey hold the perception that CISOs are not providing good value for money.

Marshall Erwin, CISO at Fastly, highlighted the importance of recognising the evolution of the CISO role, especially in a time where businesses are facing unparalleled cybersecurity challenges. He explained, "Australian businesses have consolidated efforts to hire a professional able to take charge of cybersecurity strategy. Though, our data suggests there still exists confusion over what the role of the CISO's actually entails. This disparity of opinion highlights how the role has evolved in recent years, particularly with challenges to organisations security postures and growing threat landscape."

Erwin also noted the transition of the CISO role from a purely technical one to a position that increasingly involves strategic business thinking. This shift may be contributing to the misunderstanding around the role. Mr Erwin observed, "CISOs are increasingly seen as business leaders responsible for the strategic direction of an organisation's cybersecurity strategy, which is where this lack of understanding about the role arises."

These findings indicate that while most Australian businesses are on track to have a CISO within the next two years, there is a pressing need for better understanding of the role in order for it to be effective. As Australia continues to navigate the complex cybersecurity challenges of the digital age, the need for a strategic and robust approach to IT security, led by a CISO, will become increasingly critical.

The findings presented by Fastly were extracted from extensive research into the security investments and plans of almost 1,500 IT decision-makers globally. The survey included IT decision-makers from large organisations across multiple industries, with 211 participants from Australian businesses with over 250 employees.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X