Study: CISO leadership capacity undervalued by most C-level execs

According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on organizations' senior leadership teams.

A recent poll of C-level executives revealed that most doubt CISOs' organizational leadership abilities.

In a ThreatTrack Security study (PDF) released Thursday, nearly three quarters of the 203 executives polled expressed such opinions. When asked whether “CISOs deserve a seat at the table and should be a part of an organization's leadership team,” 74 percent of execs said, “no.”

The U.S.-based respondents, who included CEOs, presidents, CIOs, COOs, CFOs and those providing high-level legal counsel at companies, were polled between June and July by Opinion Matters on behalf of ThreatTrack.

The report also sheds light on widely held perceptions of the CISO as a “scapegoat” following security breaches.

Forty-four percent of C-level executives believed that CISOs should be held accountable for “any organizational data breaches,” while 54 percent said that chief information security officers shouldn't be responsible for cyber security purchasing decisions, the report revealed.

“In other words, while CISOs deserve the blame for breaches in the minds of many executives, they should have limited say in acquiring the technology and resources to prevent them,” the report said. “The perception of the CISO as scapegoat is especially prevalent among retail (65 percent) and healthcare (55 percent) companies – which are among the most common targets of cyber attacks – as well as in the legal (67 percent) and professional services (52 percent) sectors.”

In a Friday interview with SCMagazine.com, Julian Waits Sr., president and CEO of ThreatTrack Security, said that he's increasingly seeing CISOs report directly to CEOs, but in many cases, a leadership divide is still present at companies.

“[C-level execs] still see CISOs as these technology dweebs, and as guys who put technologies in place to make it harder for them to do business,” Waits said. “They are not seeing them as a partner in the business, and I personally see this as a travesty.”

The survey, which also asked participants to grade their CISOs on their overall performance, showed that most in the security role earned a "B" or "C" (72 percent) for their ability to prevent data breaches and combat “sophisticated cyber threats.” More than a quarter, or 28 percent, of executives said that a decision their CISO made hurt the business's bottom line.
