CISOs in the vast majority of UK organisations are not confident in their security posture, but that hasn't stopped those organisations from using security as a selling point. Consequently, CISOs are being put in a completely compromising position.
This is according to a new report by Nominet, based on a poll of 300 senior security pros in the UK and the US, which found many CISOs weren't confident in an organisation’s final choice of security solutions.
According to Stuart Reed, VP of Cyber Security at Nominet, it's perfectly normal for CISOs to be more cautious when making bold claims about current security solutions. However, “more than a third not being even moderately confident in the final choice of a security solution is a worry.”
Being hit by a data breach also hurts overall confidence. The report says that two thirds (68 per cent) of those hit by a breach in the past year usually display a lower level of confidence in their ability to defend against and recover from another attack.
Compared with CISOs in the UK, their American counterparts seem to be significantly more confident. For example, they’re twice as likely to be very confident in their ability to defend against a similar attack again (22 per cent versus 40 per cent).
“There is a difference between the security market in the UK and US and this is incredibly important for both vendors and third-party advisors to understand. What might reassure a CISO in the US won’t necessarily have the same effect in the UK and we need to be aware of the cultural and contextual difference to ensure that CISOs are supported and empowered to regain confidence in the security infrastructure they implement,” concluded Reed.