European CISOs are faced with multiple new obstacles and regulatory challenges amid the COVID-19 pandemic.
Global market research organization Forrester has published its findings on three main topics related to European CISOs. The topics cover new cybersecurity regulations in Europe, 2021 budgetary trends for European CISOs, and CISO career paths at leading UK FTSE 100 organizations.
The studies found significant budgetary changes in how CISOs in Europe respond to the pandemic in terms of spending. It also revealed that European CISOs have to face a torrent of newly introduced cybersecurity regulations.
Below are some key takeaways of the studies for European CISOs:
European CISOs Transition to Cloud-Based Security Solutions
Based on the Forrester research, we see a major trend: large-scale transitioning to the cloud and even providing security services from the cloud. European cybersecurity leaders want to liberate themselves from the burden of on-site cybersecurity infrastructure deployment and management.
Forrester surveyed European security leaders under the study. And 90% of the respondents said they plan to retain or raise the money they spend on cloud security and providing security services from the cloud. That shows a significant change from the previous trends.
Also, the increasing shift of European CISOs to Zero Trust security supplements the new trend. How this transition matches the excessive urge for data sovereignty in Europe will be worth watching. It is pertinent to mention here that vendors in Europe are already under increased pressure to protect their organizations.
The Challenges of Adapting to Newly Proposed European Cybersecurity Regulations
The European Union lately said that it is taking new, striking regulatory steps to improve the Network Information Systems Directive (NISD).
The new regulation proposes:
- Enhanced consistency in penalties for non-compliance
- A more coercive course of actions
- More extensive actions than the current ones to apprehend non-compliant organizations
The proposed regulatory steps have raised concerns even for many companies that have not been affected by the past regulations.
Besides the strict regulatory actions under the proposed Digital Markets and Digital Services Acts, the European Union is expanding into more areas with proposed activities related to the impacts of security.
Once approved, these regulations will serve as benchmarks for other countries to follow suit, especially the United States.
UK CISOs Have Less Time to Leave an Impact on Their Organizations Than Others
As mentioned above, Forester also studied the career paths of European CISOs. Based on the findings, it makes sense to analyze the paths adopted by UK FTSE 100 CISOs and compare them to that of the US Fortune 500 CISOs.
Our analysis shows some interesting findings. We found that CISOs in the United Kingdom spend a brief tenure in their organizations as compared to US CISOs. On average, the term of UK CISOs lasts 31 months, and that for the US CISOs lasts for four years.
Also, though not surprising, we found that CISO diversity is in a terrible state. It is shocking to see only nine percent of women in CISOs roles at the UK FTSE 100 organizations. The cybersecurity sector needs to do more to promote diversity.