ThreatTrack Security - CISO Role Still in Flux: Despite Small Gains, CISOs Face an Uphill Battle in the C-Suite
Compared to a year ago, CISOs have gained some respect in terms of perceived leadership qualities, but C-level executives still can't shake the temptation to use the role primarily as a scapegoat for data breaches. And though cybersecurity expertise is welcome on corporate boards, CISOs still have work to do in asserting themselves within the corporate structure.
While press reports often portray Chief Information Security Officers (CISOs) as having a firm, well-defined position within the corporate structure, new ThreatTrack Security research shows CISOs still have considerable progress to make in order to gain awareness and respect for their position. A sense of ambivalence persists in regards to the CISO role, even despite some small gains over the past year.
A ThreatTrack survey of 200 C-level executives at U.S.-based enterprises employing a CISO revealed that almost half of C-level executives (47%) still view the CISO's role primarily as a scapegoat who "should be held accountable for any organizational data breaches." This is an uptick from the 44% who gave that answer in the same survey in 2014. And while CISOs are widely viewed as a valuable addition to corporate boards of directors, C-level executives still have serious doubts about their CISO's leadership abilities and understanding of business objectives outside security.