UK firms rush to hire CISOs, see them as scapegoats

Chief information security officer (CISO) hiring has skyrocketed in the UK, new research shows. However, some CISOs are overworked, underpaid, and often seen as scapegoats.

55% of UK businesses now have a CISO, a survey of 1,400 IT decision makers by the edge cloud platform, Fastly. That’s a 120% year-on-year increase. While more and more firms seem to understand the significance of having a CISO, the same survey revealed that the comprehension of the role has only worsened over time.

“Our data suggests organizations may have unrealistic expectations of this person – or misunderstand their role in the business. CISOs are cybersecurity leaders, but this is a simplification of their role within a business. Yes, their remit includes assessing and balancing security strategy, but they need to be able to do this in the context of the business’s wider strategic goals,” Sean Leach, chief product architect at Fastly, said.

According to the survey, 30% of IT leaders witnessed CISOs being scapegoats under challenging situations. What is more, one-third believe CISOs were given too much responsibility. 25% of respondents thought CISOs were overworked and underpaid.

Interestingly enough, only half of the respondents said CISOs need an in-depth understanding of all areas of IT. In 2021, only 34% of IT leaders agreed with this statement.

“There is clearly a significant need for organizations to develop a widespread understanding of the role of the CISO. If they fail to do so, talented but frustrated professionals will move on – and cybersecurity postures will suffer,” Leach said.