CISOs are both anxious and see opportunities: Report

Share post:

Chief information and security officers both have feelings of anxiety and see opportunity as the new year starts.

That’s the summation of the analysis done by IANS Research and Artico Search in their State of the CISO 2023-2024 report. It’s an 18-page summary of interviews conducted last fall with 100 American and Canada CISOs, plus data collected from 663 CISOs in the middle of last year on compensation, budget dynamics, board engagement and job satisfaction.

It notes pressures on CISOs include the facts that many companies are pulling back cybersecurity spending because of the economy, cyber attacks are increasing, regulators are breathing down the necks of companies, and the rise of generative AI tools offer new opportunities for advanced threat detection and automation, but also pose new threats in themselves.

“In this rapidly evolving landscape, traditional CISO role characteristics may no longer suffice,” says the report. “This situation gives CISOs an unprecedented opportunity to argue for a place in the executive ranks. Furthermore, the increased security pressure on organizations gives CISOs more ammunition to influence leaders outside of their direct sphere of control.”

Graphic from IANS Research CISO report
Most CISOs surveyed were either at the VP or director level. Source: IANS report

Among the findings:
Compared with 2022, CISO job satisfaction fell — a sign of unease with the status quo. The drop in satisfaction coincides with a growing share of CISOs considering a job change (75 per cent considering a change, up from 67 per cent in the previous study);
This may have something to do with lack of recognition. While 63 per cent of respondents said they have a VP or director-level position, just 20 percent are at the C-level;
CISOs seeking clear risk guidance from boards often don’t find it. Only 36 of the respondents said their board offered clear guidance on their organization’s risk tolerance for the CISO to act on;
One bright spot: There’s evidence that spending time enhancing leadership skills through external training pays off. CISOs who engaged in formal leadership training courses or one-on-one executive coaching programs earn more, with a difference of over US$200,000.

The report argues that the U.S. Securities and Exchange Commission’s updated cybersecurity reporting rules, and the increased exposure that CISOs face, call for strong collaboration between the CISO and company leadership, including the board. That includes regular and recurring CISO-board collaboration in the form of quarterly updates, tabletop exercises and the like.

For half of the respondents, this is the case at their organization. However, a quarter of the respondents said board access is limited to just once or twice a year. Twelve per cent said they meet with the board purely on an ad hoc basis. But 13 per cent said they never see the board.

“Even among companies with annual revenue exceeding US$10 billion — most of which are publicly listed firms — just 60 per cent of respondents said they meet with the board regularly,” says the report.  Director-level CISOs are the least likely to have quarterly recurring board engagement.

Related content: Advice to CISOs: Shut up and listen

The report warns that for CISOs to effectively communicate demands for risk guidance and budget needs with their board, they need:
business acumen, meaning the ability to understand corporate strategy and financial statements as well as the ability to frame risks in terms of possible economic impact on the organization;
and executive presence, which is the ability to be persuasive, direct and decisive with the board and C-suite.

Related content: Empathy is now a key skill CISOs need

The post CISOs are both anxious and see opportunities: Report first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways