2021 Brings new security challenges and regulations for European CISOs

European CISOs are shifting how they spend on security in response to the COVID-19 pandemic and are having to adopt to a raft of new proposed EU cyber regulations.

Forrester has recently explored three security topics: that of European cyber regulations, European CISO budgetary trends in 2021, and finally the career paths of CISOs at major UK FTSE 100 organizations. What becomes apparent is that European CISOs are shifting how they spend on security in response to the COVID-19 pandemic and are having to adopt to a raft of new proposed EU cyber regulations. Based on recent Forrester research, here are some key messages to consider:

More about cybersecurity

European leaders shift new spending to cloud-based security services.

One of the key trends that I have seen very strongly  has been the aggressive shift not only to the cloud, but also rapidly increasing interest in delivering security controls from the cloud. European security leaders no longer wish to be burdened with the complexity involved with managing on-premises infrastructure. Ninety percent of security leaders Forrester surveyed are planning to maintain or increase the amount they spend on securing the cloud and delivery of security controls from the cloud. This represents a big shift from prior models, and growing interest in Zero Trust security models in Europe  supports that this trend will continue. Watching how this correlates with the increasing trend of European data sovereignty will be fascinating, given the heavy dependence of Europe on non-European vendors to secure their enterprises. 

Proposed EU cyber regulations hint at a model for cyber regulations that start to up the ante.

The EU has recently announced bold proposals for reforming the Network Information Systems Directive (NISD). With more consistent penalties, more prescriptive security measures mandated, and a broader scope for capturing companies than the existing directives, this has caused some concerns with organizations this year that have hitherto not been impacted. Along with bold proposals from the proposed Digital Markets and Digital Services Acts, the EU is moving into bold territory with the proposed regulations regarding impacts on cybersecurity. If these regulations pass, it will set the marker for bold cybersecurity regulation for the wider world to take notice of, particularly the US. 

UK security leaders have less time to make their mark on their organization than in the US.

In Forrester’s first of a series of reports  that will look at the career path and experiences of CISOs in Europe,  we have completed analysis of career paths taken by UK FTSE 100 CISOs and compared these to the analysis of the Fortune 500 in the US There are some fascinating results: First, UK CISOs have a much shorter tenure than we see in our US client base, lasting 31 months on average compared to just over 4 years for US-based CISOs. However, and not surprisingly, CISO diversity is also dire, with only 9% female CISOs in FTSE 100 companies. As an industry we can and must do better.

To understand the business and technology trends critical to 2021, download Forrester’s complimentary 2021 Predictions Guide here.   

This post was written by Principal Analyst Paul McKay, and it originally appeared here.

Also see