96% of CISOs without necessary support to maintain cyber security

The vast majority of chief information security officers (CISOs) do not receive the executive support necessary to prevent cyber attacks, according to a new report.

As many as 96% of surveyed CISOs said they don’t have the tools needed to improve the security posture of their firms. 94% agreed that having the right tools could save significant time in their daily tasks.

Almost half (49%) of respondents indicated that their roles would be less difficult if employees understood how challenging cyber security is, and over a third (34%) pointed to lack of team talent as a top hurdle.

Tellix’s study surveyed more than 500 CISOs from companies with at least 1,000 employees from across the globe.

The results also showed that requisitioning is only part of the problem when it comes to cyber security posture.

Nearly one in two (44%) respondents reported that they would value access to a single enterprise tool through which security posture could be improved, instead of the 25 individual security tools that organizations use on average.

“We get tool exhaustion at some places where money is just thrown at tools and they’re only using a quarter of it,” said one CISO in the US public sector. 

“So having a unified security tool, that’s been built and understood by security people and CISOs and analysts and engineers, that understand their day-to-day work and activities when it comes to certain things is, I think, something that’s missing.” 

In the UK, 50 CISOs were surveyed and largely followed the trends indicated in the global results. 

One noteworthy divergence was the extent to which UK CISOs felt fully or mostly accountable for the major cyber security incidents they have overseen, with 80% indicating that they did against the lower global rate of 72%. 

UK churn rates were in line with worldwide figures, however, with 42% having experienced major attrition within their teams as a result of incidents compared to 43% across all global participants.

The report linked this high resignation rate to the pressure that security operations teams often fall under, with 86% of CISOs having presided over major security incidents overall.

“Faced with an increasingly complex and ever-evolving threat landscape, CISOs are often under-resourced and stretched too thin,” said Fabien Rech, SVP EMEA at Trellix

“This causes significant stress amongst 40% of SecOps teams across EMEA, with 43% experiencing major attrition as a result. As an industry, we have seen an observable bleed of talent as cybersecurity professionals are being asked to do more with less.”

In 2020, Nominet’s CISO stress report indicated that 48% of CISOs felt work stress was impacting their mental health, and in February 2023 Gartner stated almost half of cyber leaders could leave roles due to stress by 2025.