Friday, November 29, 2019
A Kaspersky report found that a vast majority (89%) of Chief Information Security Officers (CISO) are regularly called upon by their board of directors to provide recommendations for the business. The study also revealed that despite regular communication with top decision makers to share important insights, it does not necessarily result in dedicated security investments. In fact, 54% of respondents admitted having to share their organization’s IT budget.
In Q3 2019, 451 Research conducted an independent study, commissioned by Kaspersky, to explore the various factors shaping information security from the perspectives of enterprise security leaders. The study surveyed 305 respondents that have senior or executive responsibility roles for cybersecurity in enterprises worldwide, with the findings revealing how the nature of cybersecurity and security leadership has evolved.
According to the study, top management seek advice from IT security leaders regardless of the organization’s reporting structure, with only 23% reporting to the board. Additionally, 60% of respondents said business leaders need input from their CISO most often when an internal cybersecurity incident happens. However, it’s not all about breaches. Executives also seem to be proactive and mindful about how to protect the company now and in the future. More than half (57%) of the surveyed IT security chiefs schedule meetings with the board on a regular basis, and 56% are requested to provide their expert opinions on future IT projects.
Despite being visible and valuable to the board, CISOs still face difficulties when it comes to justifying necessary spending on IT security. Having to siphon their expenses from the broader IT budget, 43% of those surveyed feel that they are in direct competition with other business and IT initiatives, making it one of the top three challenges they face in order to make the case for essential information security investment.
“As the study shows, boards of directors now understand that cybersecurity is an important part of business success,” said Veniamin Levtsov, vice president of corporate business at Kaspersky. “Nevertheless, there’s still a challenge for CISOs to be able to convert this understanding into actual support. Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors.”
To learn more about the changing role of CISOs in 2019, read the full report.