COVID Confessions of a CISO

COVID Confessions of a CISO

What a year it’s been! Even if we only think about workplace challenges, it’s still been an incredible struggle: jobs have been lost, parents are juggling full time work and childcare, loneliness and isolation have affected our performance, and we still don’t really know how this year is going to end. 

Throughout the pandemic, we’ve committed to supporting both our hackers and our customers, whatever challenges they’re facing. But we also wanted to find out how the wider industry is coping. What have their challenges been when it comes to securing their attack surfaces, protecting their brand, and developing products and services during a period of immense upheaval? We asked 1400 CISOs, CTOs and CIOs across the world about how they’ve experienced the pandemic and found at least a third admitted to being under strain:

  • 30% said they have seen more attacks on their IT systems as a result of COVID-19
  • 64% believe their organization is more likely to experience a data breach due to COVID-19      

As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope. With business priorities focusing on staying afloat and adapting to change, a data breach can feel like the last thing to worry about. But, for security people, it’s our job to prevent them. We continue to see high profile data breaches and cyber security incidents so it’s no wonder 66% of respondents are feeling under scrutiny to prove the business takes information security seriously. 

  • 36% say that digital transformation initiatives have accelerated as a result of COVID-19 and 31% say they have had to go through a digital transformation before they were ready
  • 30% have had to switch priorities during the pandemic from application security to securing the use of working from home and collaboration tools and another 30% said their teams have been reduced

Digital transformation is one of the most significant trends to have come out of the pandemic, and it’s shown a clear line between those organizations that are prepared and those that aren’t. The ability to be agile, move fast, and respond to customer demands has become the new measure of success, but scaling security needs to be an equal priority. 

It’s not all bad news, though! We’ve seen ethical hackers also embrace the opportunities created by stretched internal teams, with a 56 per cent increase in hacker sign-ups on the HackerOne platform since March compared to the same time last year. With budgets and teams cut for a quarter of respondents, it’s no surprise to see that 30 percent of CISOs say they would now be more open to receiving vulnerability reports from third-party researchers than before the pandemic. 

A quarter of respondents also said that their budgets have increased as a result of the pandemic as businesses have recognized the importance of security at this time. A further 66% believe the COVID-19 pandemic will cause their organization to improve their information security posture.    

If you want to find out more about how HackerOne customers have responded to the pandemic and how hackers have been instrumental in securing attack surfaces and protecting innovation, we’ll be publishing our 4th Annual Hacker Powered Security Report later this month.

The Ultimate Guide to Managing Ethical and Security Risks in AI

AI Ebook