As we move ever more rapidly towards a digital-everything world, the role of the Chief Information Security Officer (CISO) becomes increasingly crucial to business success. It is a position that has often been sidelined or underappreciated compared with that of the Chief Information Officer (CIO).
A recent study showed that more CISOs are now reporting directly to the CEO, instead of the CIO. The figure is over 20 percent on average but soars to 47 percent in communications-heavy firms.
This shift has been inspired by a relentless series of concerning, high-profile data breaches and hacks. With terms such as “ransomware” becoming ever more common, digital defense and cybersecurity have never been more important.
The rise to prominence aside, this scenario places an inordinate amount of pressure on CISOs. Theirs is a role that has evolved into more than just frontline threat monitoring. Today, it is more about all-round threat mitigation and continual liaison with other members of the C-suite to promote and implement improved digital security measures.
This is in stark contrast to the first iterations of the CISO, which emphasized tech-centricity and firsthand IT experience. Now, soft skills take center stage ahead of technical prowess. CISOs should be able to relate not just to C-suite executives but also to ordinary employees who work at the digital frontier between company systems and the internet.
These vicissitudes have molded the image of a CISO into something of a panacea. However, digital panaceas do not exist.
A Heavy Burden
Virtually every hack and every data compromise incident seems avoidable in hindsight. Unfortunately, digital security is an exhausting battlefield for the defenders. They have to prevail at every moment of every day to protect the citadel, whereas the attackers only have to break through once.
When, through the law of averages, that does eventually happen, all eyes fall on the CISO.
In actuality, cybersecurity is everyone’s responsibility. Post-incident investigations often reveal the chink in the armor to be a line of faulty code written by a software engineer, deviations from established protocols by individual staff members, or even a deliberate inside job.
As a consequence of this unrelenting scrutiny and scapegoating, CISOs spend less time in their positions than any other C-suite executive.
Rising to the Challenge
Despite the pressures of the job, CISOs believe they performed satisfactorily as the Covid-19 pandemic pushed digital workspaces to the forefront. Those who did have to contend with issues during the period cited a lack of qualified staff as their primary concern.
One helpful change from the shift to work-from-home has been a recognition of the CISO’s importance. Almost 90 percent of them believe that their organizations have developed a balanced approach to cybersecurity, up from just two-thirds in the pre-pandemic era.
Meanwhile, the digital threat landscape is as dangerous as ever. With state actors implicated in attacks on American businesses, the role of the CISO is not going to be obsolete any time soon.
DeSantis Trusted Advisors provides consulting, advisory, and coaching services to businesses and their stakeholders with the goal of creating pathways to success. Please contact me today to discuss further.