A perfect storm of escalating cyber-attacks and global tech innovation leaves 61 per cent of Chief Information Security Officers (CISOs) only “fairly confident” of managing their current threat exposure.
24 May 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today released a new report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. Called “Strategy and collaboration: a better way forward for effective cybersecurity”, the paper reveals companies are more concerned about, and exposed to, cyber threats than ever before, with almost two thirds (61 per cent) describing themselves as at best only “fairly confident” at managing their current cybersecurity threat exposure, which should raise some eyebrows around the boardroom.
Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 per cent believe their existing cyber strategy will be outdated in two years, and a further 37 per cent within three years. Additional investment is needed to address longer term planning, with 44 per cent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.
The daily firefight
CISOs and cyber professionals report struggling to manage today’s cybersecurity risks across the board. Asked about the day-to-day aspects of securing their businesses on a scale including “a little, somewhat, or very challenging”, the following areas were ranked highest as at least somewhat challenging by respondents: (total challenging figures in brackets)
Detecting or identifying the occurrence of a cybersecurity event or threat – 56 per cent (85 per cent)
Third parties disclosing breaches in good time – 55 per cent (85 per cent)
Understanding and anticipating new or potential future strategies used by threat actors – 55 per cent (84 per cent)
Ensuring that the entire supply chain is water-tight in its ability to defend and recover against threat actors – 52 per cent (83 per cent)
Juggling cybersecurity priorities
Not only do organisations feel they are chasing their next cyber strategy, but they are struggling to deliver on the one they have now. CISOs highlighted the following key priorities over the next 12 months:
The cyber skills gap within organisations is the highest strategic priority (31 per cent). This has been a perpetual problem facing the IT industry, and cybersecurity teams can quickly become overwhelmed if the right expertise is not in place to manage the load. The effects of this can be devastating, creating risk vectors that can be exploited and may lead to human error under pressure, or a missed threat. Rather than hunting new people, the gap could in part be addressed by putting more resources into training and upskilling, but this is difficult when team capacity is already stretched.
The next most important priority highlighted by CISOs is the challenge of gaining consistent and reliable ‘threat intelligence’ (28 per cent), with many reporting they rely on informal information sharing networks.
Securing digital identity (27 per cent) was also identified as key given the risks posed by hackers gaining credentials and impersonating users to access data and systems.
Stuart Jubb, Group Managing Director at Crossword Cybersecurity plc, commented: “The picture painted by our research shows CISOs are in urgent need of a strategic rethink. CISOs need to balance their cybersecurity operation’s daily load with managing the organisation’s long-term requirements. Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyber-attacks.”
The tech trends that matter to cyber professionals
CISOs were also asked about the technology trends that they saw as being the most important and relevant over the next 12 months. Several technology categories stood out with cloud transition and cyber in the cloud leading the way (41 per cent), followed by Cyber Security Mesh Architecture (CSMA – 35 per cent), and AI/Machine Learning (31 per cent).
Deciding how each of these categories will fit into the short-term cyber goals and longer term strategy of UK organisations will take serious consideration. However, respondents did report having a clear view on the most important technology components they want to address in their cyber security plans in the short term, compared to the next three or five years. Three quarters (75 per cent) said software verification, which helps to ensure a program is secure, will be a focus immediately or over the next 12 months; 69 per cent said the same of cloud transition and 69 per cent of dealing with ransomware escalation. A similar number (65 per cent) identified CSMA, a method for making cybersecurity products interoperable, as a key technology. Other technologies of note included:
Zero trust and identity security (62 per cent)
Quantum data stores / computing (55 per cent)
AI / Machine learning (55 per cent)
Jubb concluded: “Cybersecurity today is in a more tightly squeezed iterative cycle than it was in the past. It demands that organisations take a more strategic and collaborative approach – we recommend appointing a head of cyber security strategy, while leaving the CISO to deliver on the immediate challenges. Managing the day to day risks is a tough balancing act, but one that can be achieved if CISOs have the right resources to upskill their teams and tools that leverage AI to bring efficiency and automation to help protect their organisation and its supply chain against today’s threats.”
Professor Tim Watson, Programme Director, Defence & Security, The Alan Turing Institute and Director, WMG Cyber Security Centre, University of Warwick, commented: “Collaboration is especially important when it comes to protecting critical national infrastructure because it's rapidly becoming a whole new theatre of conflict between Nation States. It's also not particularly easy because there are so many private and public stakeholders.”
Muttukrishnan Rajarajan (Raj), Professor of Security Engineering and Director, Institute for Cyber Security, City, University of London, commented: “Tackling ransomware is a huge area of focus in the world of research, so I’m not surprised this scored highly in the survey. We are often commissioned to work on projects that focus just on this – an attack on one SME can cause a complete supply chain to grind to a halt as we saw with vulnerabilities introduced via the Log4J code libraries recently.”
- Ends -
Crossword Cybersecurity plc – Tel: +44 (0) 333 090 2587
Tom Ilube, Chief Executive Officer
Mary Dowd, Chief Financial Officer
Grant Thornton (Nominated Adviser) – Tel: +44 (0) 20 7383 5100
Colin Aaronson / Jamie Barklem / Daphne Zhang / Ciara Donnelly
Hybridan LLP (Broker) – Tel: +44 (0)203 764 2341
Claire Louise Noyce
For media enquiries contact:
David Hothersall, Kinlan Communications
email@example.com – Tel: +44 (0) 207 638 3435
Duncan Gurney, GingerPR
firstname.lastname@example.org – Tel: +44 (0)1932 485 300
About Crossword Cybersecurity plc
Crossword offers a range of cyber security solutions to help companies understand and reduce cyber security risk. We do this through a combination of people and technology, in the form of SaaS and software products, consulting, and managed services. Crossword’s areas of emphasis are cyber security strategy and risk, supply chain cyber, threat detection and response, and digital identity, and the aim is to build up a portfolio of cyber security products and services with recurring revenue models in these four areas. We work closely with UK universities and our products and services are often powered by academic research-driven insights. In the area of cybersecurity strategy and risk our consulting services include cyber maturity assessments, industry certifications, and virtual chief information security officer (vCISO) managed services.
Crossword’s end-to-end supply chain cyber standard operating model (SCC SOM) is supported by our best-selling SaaS platform, Rizikon Assurance, along with cost-effective cyber audits, security testing services and complete managed services for supply chain cyber risk management. Threat detection and response services include our Nightingale AI-based network monitoring, Nixer to protect against application layer DDoS attacks, our Trillion and Arc breached credentials tracking platforms, and incident response. Crossword’s work in digital identity is based on the World Wide Web Consortium W3C verifiable credentials standard and our current solution, Identiproof, enables secure digital verification of individuals to prevent fraud.
Crossword serves medium and large clients including FTSE 100, FTSE 250 and S&P listed companies in various sectors, such as defence, insurance, investment and retail banks, private equity, education, technology and manufacturing and has offices in the UK, Poland and Oman. Crossword is traded on the AIM market of the London Stock Exchange.
Visit Crossword at https://www.crosswordcybersecurity.com/