August 30, 2020
How CISOs Are Responding to COVID
77% of chief information security officers identified incidents that they feel they need cyber coverage for and report being unable to get it.
Since the stay-at-home orders first started in March, chief information security officers (CISOs) have been sharing both their horror stories and how they’ve shifted priorities to keep their companies safe. These CISOs work in a wide variety of companies, and the anecdotes we’ve been hearing run the gamut.
Changes are happening in how CISOs make decisions, so, in line with Arceo’s mission of driving comprehensive cybersecurity management, we wanted to look at how the rapid expansion of remote work is affecting cybersecurity business decisions directly.
We collected one of the first sets of quantitative data on how CISOs’ priorities have changed since many businesses started moving to work from home. With our research partner, Wakefield, we surveyed 250 CISOs at companies with $250 million to $2 billion in annual revenue. We asked them about their current and changing approach to cybersecurity risk management. Below is a synopsis of some of the results we found most interesting; the full report is available on our website.
Many CISOs say they need more options and coverage for cybersecurity insurance. However, they aren’t getting the coverage they need or the post-breach services required to recover from certain incidents. Almost four-in-five (77%) reported that there are incidents they feel they need coverage for, but that they are unable to get it.
Additionally, nearly all (96%) of the CISOs surveyed want additional coverage for the increased vulnerabilities resulting from the work-from-home surge. This means that almost every CISO out there is worried, likely because the security practices followed when working remotely are laxer than those followed in the office, leading to a higher risk of attack. In fact, over 40% of CISOs said that cloud usage (49%), personal device usage (45%) and usage of unvetted apps or platforms (41%) posed the biggest threats during this work-from-home period.
The overwhelming majority (88%) of CISOs are not completely satisfied with the performance of their company’s primary insurance brokerage. Additionally, CISOs want more help when they need it most. Nearly all CISOs (98%) want additional support from their cyber insurance provider after a serious incident.
Nearly half of all CISOs (48%) report they have experienced a security breach. Insurers and brokers need to step up and are likely in a position to play a bigger role in the prevention and the aftermath of a breach because nine in 10 CISOs are open to purchasing cybersecurity tools along with cyber insurance from the same company.
Now more than ever, CISOs seem to be concerned about disruption to continuity, which is a greater risk as staff works from home. More than half of CISOs want cyber insurance to cover business email compromise (56%), loss of electronic data (55%), cyber extortion (53%) and ransomware (52%).
CISOs recognize they need more influence, and nearly all CISOs (97%) agree that the opportunity to interact with the board is crucial to their success as a CISO.
Check out the full “Quantitative Analysis of Unmet Insurance Needs and Cyber Security Tools Among CISOs” report to find out more about how CISOs view the changing landscape and how cyber insurance needs to adjust to fit their needs.