Navisite Research Finds 45% of Companies Do Not Employ a Chief Information Security Officer

60% of respondents state their cybersecurity strategy is developed outside the security team

Andover, Mass. November 17, 2021Navisite today unveiled new research that found nearly half (45%) of companies do not employ a Chief Information Security Officer (CISO). Of this group, 58% think their company should hire a CISO. Only 40% of respondents stated their cybersecurity strategy was developed by a CISO or member of the security team, with 60% relying on other parts of their organization, including IT, executive leadership and compliance.

Navisite polled 130 security, IT and compliance professionals in the U.S. to determine their perceptions on the state of cybersecurity leadership and readiness within their organizations. More than 80% of respondents described their job title as either executive leadership or management, with more than 60% of respondents coming from mid-sized organizations between 100-5,000 employees.

Additional findings include:

  • 21% of respondents admit their company does not have a dedicated person or staff whose sole responsibility is security/cybersecurity.
  • 75% of respondents said their company experienced an increase in overall cybersecurity threat volume in the last year.
  • 80% of respondents felt their company exhibited strong cybersecurity leadership during the COVID-19 pandemic.
  • 70% of respondents expressed confidence in the effectiveness of their cybersecurity program—but that confidence dropped to 58% for companies without a CISO.
  • Nearly half (47%) of survey takers believe their company spends too little on cybersecurity.

“The survey results support what we’re seeing across the board: organizations prioritized their security efforts during COVID, but at the same time, they’re acutely aware of how much more they need to do to effectively defend against cyber threats,” said Aaron Boissonnault, Navisite CISO. “The data also points to an ongoing problem in the industry: a cybersecurity skills shortage that extends to the highest levels. Companies value and want cybersecurity leadership, but it is increasingly difficult to find and retain these individuals.”

To read more survey findings, download the full report: The State of Cybersecurity Leadership and Readiness.

About Navisite

Navisite is a modern managed cloud service provider that accelerates digital transformation for thousands of growing and established global brands. Through our comprehensive portfolio of enterprise application and cloud services, proven delivery methodologies and global team of highly specialized experts across technologies, platforms and industries, we provide the capabilities and practical guidance customers need to move their businesses forward. Let us partner with you to navigate the now of IT change, lower costs and meet new demands at any point in your journey. To learn more, visit—modern IT services for modern IT needs.