Since the stay-at-home orders first started in March, Chief Information Security Officers (CISOs) have been sharing with our team both their horror stories and how they’ve shifted priorities to keep their companies safe. These CISOs work in a wide variety of companies, and the anecdotes we’ve been hearing run the gamut, even taking into account factors like business size, industry, or geography.
It is clear that changes are happening in how CISOs make decisions, so, in line with our mission of driving comprehensive cybersecurity management, we wanted to look at how the rapid expansion of remote work is directly impacting cybersecurity business decisions.
We collected one of the first sets of quantitative data on how CISOs’ priorities have changed since many businesses began moving to work from home. With our research partner, Wakefield, we surveyed 250 CISOs at companies with $250M to $2B in annual revenue. We asked them about their current and changing approach to cybersecurity risk management. Below is a synopsis of some of the results we found most interesting, and the full report is available on our website.
Many CISOs are expressing that they need more options and coverage for cybersecurity insurance. However, they aren’t getting the coverage they need or the post-breach services required to recover from certain incidents. Almost four-in-five (77%) reported that there are incidents they feel they need coverage for, but that they are unable to get it.
Additionally, nearly all (96%) of the CISOs surveyed want additional coverage for the increased vulnerabilities resulting from the work-from-home surge. This means that almost every CISO out there is worried, likely because the security practices followed when working remotely are more lax than those followed in the office, leading to a higher risk of attack. In fact, over 40% of CISOs identified that cloud usage (49%), personal device usage (45%), and usage of unvetted apps or platforms (41%) posed the biggest threats during this work-from-home period.
The overwhelming majority (88%) of CISOs are not completely satisfied with the performance of their company’s primary insurance brokerage. Additionally, CISOs want more help when they need it most. Nearly all CISOs (98%) want additional support from their cyber insurance provider after a serious incident.
Nearly half of all CISOs (48%) report they have experienced a security breach in the past. Moreover, insurers and brokers need to step up and are likely in a position to play a bigger role in the prevention and the aftermath of a breach, because nine in 10 CISOs are open to purchasing cybersecurity tools along with cyber insurance from the same company.
Now more than ever, CISOs seem to be concerned about disruption to continuity, which is a greater risk as staff work from home. More than half of CISOs want cyber insurance to cover business email compromise (56%), loss of electronic data (55%), cyber extortion (53%), and ransomware (52%).
CISOs recognize they need more influence, and nearly all CISOs (97%) agree that the opportunity to interact with the Board is crucial to their success as a CISO.
Check out the full “Quantitative Analysis of Unmet Insurance Needs and Cyber Security Tools Among CISOs” report to find out more about how CISOs view the changing landscape and how cyber insurance needs to adjust in order to fit their needs.