In a recent survey to understand how cybersecurity is managed within organizations, we asked readers to share who is chiefly responsible for ensuring security. Below are the results, based on 122 respondents.

  • Less than half (40%) have a CSO/CISO in their organizations. Nearly a third (27%) do not have that role in their companies. More than a third (33%) don’t know.
  • In organizations where the CSO/CISO role exists, half report to the CEO; 17% report to the CIO; and 5% report to the board.
  • Looking at the responsibilities of the CSO/CISO role, more than 70% are responsible for network security and mobile security. When it comes to cloud, however, only 66% of CSO/CISOs are responsible for cloud security. Meanwhile, half of respondents say that the role is also responsible for physical security.
  • Compliance, security regulations, and security effectiveness are perceived as the strategies that influenced CSOs and CISOs the most in the past year. Nearly a third view security as a competitive differentiator.
  • Among organizations that don’t have a CSO/CISO, almost half place the responsibility of security on the CEO.
  • When asked to rate the importance of various approaches to cybersecurity, respondents ranked cybersecurity prevention technologies highest, followed by employee training and detection technologies. Cyber insurance and budgeting for noncompliance fees rounded out the list.

For those who participated, thank you very much. Please share your views by participating in our new survey that looks at how security professionals think about cyber insurance and supply chain cybersecurity. All responses are kept anonymous.

Take the survey now by visiting //www.surveymonkey.com/r/cbtlkq119.