Payoffs, tradeoffs, and the ever evolving CISO role

June 11, 2019

EXECUTIVE SUMMARY:

As technology has changed and evolved, so too has the CISO role. So much so, that in some cases, the role is being phased out altogether.

The ride-hailing company Lyft recently transitioned to an “embedded, distributed” security model, a modus operendai that other big Silicon Valley companies have chosen to embrace as well. Given that cyber attacks are estimated to cost more than $11.5 billion in 2019, this upends industry expectations, but is intended to eliminate inefficiencies and duplicate infrastructure.

Elsewhere, the CISO role now absorbs much of the cloud security related responsibilities, while in other places, the role is growing, and morphing into a series of different roles.

The enforcement of GDPR, for example, has created a space for a Data Protections Officer (DPO). “The DPO is responsible for both educating and building awareness within an organization regarding how to protect the privacy of individuals, during all stages of data privacy,” reports Security Boulevard. While it may not reflect best practices, and may only be reasonable for SMBs, in some instances the CISO and the DPO are the same person.

Yet, despite these unexpected twists to the position, in other environments the CISO role being taken more seriously than ever, with twenty-five percent of CISOs reporting directly to the CEO.

“CISOs long ago shed their perception as order-taking technologists” and have since been invited to take “…a seat at the executive table, a badge of honor that underscores their arrival as trusted business partners,” writes CIO.com.

Earlier this year, Delta Air Lines Inc., promoted CIO, Rahul Samant, to the role of Executive Vice President, reflecting how IT is increasingly being treated as a core element of a business’s infrastructure and systems.

Integrating and elevating the CISO or CIO as a strategic business partner illustrates how an increasing number of IT experts are simultaneously honing business acumen, and becoming drivers of revenue. Eighty three percent of technology chiefs describe their role as more strategic than three years ago, according to a Korn/Ferry survey. Business leadership no longer relegates the CISO role to “just keeping the email systems working and the lights on.”

For more on this story, please visit CIO.com.