Study: CISO leadership capacity undervalued by most C-level execs

According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on an organization's senior leadership team.

A recent poll of C-level executives revealed that most doubt CISOs' organizational leadership abilities.

In a ThreatTrack Security study (PDF) released Thursday, nearly three quarters of the 203 executives polled expressed such opinions. When asked whether “CISOs deserve a seat at the table and should be a part of an organization's leadership team,” 74 percent of execs said, “no.”

The U.S.-based respondents, who included CEOs, presidents, CIOs, COOs, CFOs and those providing high-level legal counsel at companies, were polled between June and July by Opinion Matters on behalf of ThreatTrack.

The report also sheds light on widely held perceptions of the CISO as a “scapegoat” following security breaches.

Forty-four percent of C-level executives believed that CISOs should be held accountable for “any organizational data breaches,” while 54 percent said that chief information security officers shouldn't be responsible for cyber security purchasing decisions, the report revealed.

“In other words, while CISOs deserve the blame for breaches in the minds of many executives, they should have limited say in acquiring the technology and resources to prevent them,” the report said. “The perception of the CISO as scapegoat is especially prevalent among retail (65 percent) and healthcare (55 percent) companies – which are among the most common targets of cyber attacks – as well as in the legal (67 percent) and professional services (52 percent) sectors.”

In a Friday interview with SCMagazine.com, Julian Waits Sr., president and CEO of ThreatTrack Security, said that he's increasingly seeing CISOs reporting directly to CEOs, but in many cases, a leadership division at companies is still present.

“[C-level execs] still see CISOs as these technology dweebs, and as guys who put technologies in place to make it harder for them to do business,” Waits said. “They are not seeing them as a partner in the business, and I personally see this as a travesty.”

The survey, which also asked participants to grade their CISOs on their overall performance, showed that most in the security roles earned a "B" or "C" (72 percent) for their ability to prevent data breaches and combat “sophisticated cyber threats.” More than a quarter, or 28 percent, of executives said that a decision their CISO made hurt the business's bottom line.
