The CISO role is not for the faint of heart and often requires its occupants to navigate the intersection of security and corporate politics. A recent report by British Telecom highlights the challenges of swerving between competing agendas.
Highlights from the report:
- 76% of business executives perceive their IT strategy as “excellent” or “good”
- In the same cohort, 84% report that their organization suffered a breach in the past two years
- 45% of staff state that they’ve witnessed a security event, but did not report it
The gap between ratings of “excellent” or “good” among business executives and the reality that these same organizations are suffering breaches may reflect that CISOs (and staff) are just trying to survive in their roles.
Remodeling expectations and enabling CISOs to thrive
Many CISOs fear the confrontations with business leaders that are associated with critical security changes. CISOs are concerned about backlash. Nonetheless, little or no action on the part of a CISO leaves the organization at risk of experiencing a security event. Organizations should expect for CISOs to call the shots when it comes to security. Their security expertise far outweighs that of others in the C-suite. Colleagues should not dismiss or dance around a CISO’s decrees, and instead cooperate with endeavors designed to augment an organization’s security.
How have business leaders responded to the study?
Says Kevin Brown, managing director of British Telecom Security, “…CISOs must ensure that they have the visibility that not only makes them the first port of call for security incidents, but also ensures they’re placed at the heart of strategic decision making and planning.”
“The range and scale of cybercrime faced by governments, businesses and individuals is constantly growing…This research from BT shows clearly the increasing responsibilities and expectations placed on the CISO today, and a number of clear steps they can take to improve their protections and our collective resilience,” says Craig Jones, Interpol’s director of cybercrime.
For more on this report and on the evolving role of the CISO, visit InfoSecurity Magazine.