CISOs Still Struggling for Authority, Acceptance Among Execs
Despite increased awareness of the need for cyber-security at the highest levels of corporate management, CISOs lacked decision-making authority.
A recent survey found that despite a rash of high-profile data breaches in the last year, many executives fail to appreciate the CISO's contributions. The ThreatTrack survey, which polled 200 U.S.-based C-level executives at companies that employ CISOs, found just over half (51 percent) of respondents feel CISOs provide valuable guidance to senior leadership related to cyber-security, a decrease of 1 percent from 2014. Around a quarter (27 percent) said CISOs typically possess broad awareness of organizational objectives and business needs outside of information security, down 5 percent from last year. In addition, nearly half (47 percent) said CISOs should be accountable for any organizational data breach, a 3 percent increase compared to 2014. Just 25 percent said CISOs contribute greatly to improving day-to-day information security practices, down 2 percent from last year.
"What we found so surprising was that there was so little change over last year. Our expectation was that with all the attention high-profile data breaches were putting on enterprise cyber-security, and all the talk about the importance of having a CISO, that executives would have been much more informed about the value of a CISO and better understand their role. But that was not the case," Stuart Itkin, senior vice president of ThreatTrack Security, told eWEEK.