CISOs are both anxious and see opportunities: Report

Chief information and security officers both have feelings of anxiety and see opportunity as the new year starts.

That’s the summation of the analysis done by IANS Research and Artico Search in their State of the CISO 2023-2024 report. It’s an 18-page summary of interviews conducted last fall with 100 American and Canada CISOs, plus data collected from 663 CISOs in the middle of last year on compensation, budget dynamics, board engagement and job satisfaction.

It notes pressures on CISOs include the facts that many companies are pulling back cybersecurity spending because of the economy, cyber attacks are increasing, regulators are breathing down the necks of companies, and the rise of generative AI tools offer new opportunities for advanced threat detection and automation, but also pose new threats in themselves.

“In this rapidly evolving landscape, traditional CISO role characteristics may no longer suffice,” says the report. “This situation gives CISOs an unprecedented opportunity to argue for a place in the executive ranks. Furthermore, the increased security pressure on organizations gives CISOs more ammunition to influence leaders outside of their direct sphere of control.”

Graphic from IANS Research CISO report
Most CISOs surveyed were either at the VP or director level. Source: IANS report

Among the findings:
Compared with 2022, CISO job satisfaction fell — a sign of unease with the status quo. The drop in satisfaction coincides with a growing share of CISOs considering a job change (75 per cent considering a change, up from 67 per cent in the previous study);
This may have something to do with lack of recognition. While 63 per cent of respondents said they have a VP or director-level position, just 20 percent are at the C-level;
CISOs seeking clear risk guidance from boards often don’t find it. Only 36 of the respondents said their board offered clear guidance on their organization’s risk tolerance for the CISO to act on;
One bright spot: There’s evidence that spending time enhancing leadership skills through external training pays off. CISOs who engaged in formal leadership training courses or one-on-one executive coaching programs earn more, with a difference of over US$200,000.

The report argues that the U.S. Securities and Exchange Commission’s updated cybersecurity reporting rules, and the increased exposure that CISOs face, call for strong collaboration between the CISO and company leadership, including the board. That includes regular and recurring CISO-board collaboration in the form of quarterly updates, tabletop exercises and the like.

For half of the respondents, this is the case at their organization. However, a quarter of the respondents said board access is limited to just once or twice a year. Twelve per cent said they meet with the board purely on an ad hoc basis. But 13 per cent said they never see the board.

“Even among companies with annual revenue exceeding US$10 billion — most of which are publicly listed firms — just 60 per cent of respondents said they meet with the board regularly,” says the report.  Director-level CISOs are the least likely to have quarterly recurring board engagement.

Related content: Advice to CISOs: Shut up and listen

The report warns that for CISOs to effectively communicate demands for risk guidance and budget needs with their board, they need:
business acumen, meaning the ability to understand corporate strategy and financial statements as well as the ability to frame risks in terms of possible economic impact on the organization;
and executive presence, which is the ability to be persuasive, direct and decisive with the board and C-suite.

Related content: Empathy is now a key skill CISOs need

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs