As the digital landscape has grown, so has the organizational need for cyber security and data security. A new study looks at where CISOs stand in business.
The role of CISO is of great importance at a time when cyber attacks are rampant and increasingly sophisticated, and millions continue to work from home. Combined with many high-profile cyber attacks and more regulatory investigations, CISOs are in high demand, and companies are willing to pay premiums to hire and retain them.
“The Chief Information Security Officer (CISO) has become a position of significant importance for companies large and small, in technology and in almost all other industries,” according to a 2021 survey by the recruitment firm Heidrick & Struggles. A survey of 354 CISOs also found that the US CISO earned an average salary of $509,000 in 2021, up from $473,000 in 2020.
“CISOs focusing on network security, firewalls, security policies and governance are now responsible for securing connected devices, creating and implementing identity and access management systems, artificial intelligence and machine learning, as well as risk management, privacy, research and physical security, among other issues,” the Heidrick & Struggles survey said. “And they’re doing so while managing large teams.”
Eighty-eight percent of boards of directors view cyber security as a business risk, as opposed to a technology risk, according to a recent survey by Gartner.
There has never been a better time to be a CISO.
“CISOs are certainly gaining more visibility at the executive and board levels and are closer to product and strategy discussions,” said Andre Durand, CEO of Ping, a cloud identity security software provider. “As cybercrime grows and companies face monetary losses, the role of CISO and security is critical to overall or business success.”
While CISOs often report to the organization’s CIO, that is changing as the role becomes more strategic and less about IT functionality. Sixty-one percent of CISOs surveyed by Heidrick & Struggles report to someone other than the CIO.
In more regulated industries such as healthcare, the CISO can report to whoever handles risk and audit, while those working in SaaS/cloud/tech companies find themselves under engineering leadership, the CTO or the COO, according to the Heidrick & Struggles survey.
“The CISO needs to be able to make an impact on organizations, and that’s the most important aspect here,” Durand said.
As for industries that recognize the value of having a CISO, those with financial, intellectual property or privacy risks are likely to align with the benefits a CISO can bring to them, he said. But Durand added that “cybercriminals do not discriminate on the basis of industry. All companies must seek some level of executive sponsorship around the security of their business.”
Where CISOs are focused in 2022
Companies continue to migrate to cloud-based software and focus on security architecture and the security surrounding those offerings. Because ransomware continues to be a major cyber threat, protecting against it as well as recovering from it is a pressing requirement, Durand said.
“Keeping businesses available and able to withstand DDoS or botnet attacks is important for any digital business,” he said. “Zero trust model, and we see a substantial amount of effort going on in that area.”
However, companies still face challenges in trying to keep up with the rapid changes in technology. This means “security teams need to be well-versed in the technology used in the company to provide guidance on how to keep the technology safe,” Durand said. “The talent pool of security professionals is also limited, [and] no matter what the industry, recruiting and retaining that talent is challenging.”
CIOs and CISOs need to rebalance responsibility for cyber security so that it is shared with business and enterprise leaders, Gartner said. The firm suggests that responsibility for business decisions affecting enterprise security should be shared, and that IT and security leaders should work with executives and boards of directors to establish broad governance.
“Having a CISO with board-level support and on-board inspections can help bring visibility to the technology risks each business faces,” Durand agreed. “A good committee is made up of diverse opinions and experiences, one of which I think should be the CISO.”
Whoever the CISO reports to, they should partner with and support the CIO, he said. “CIOs will have an ongoing responsibility to enforce security controls on the systems they are responsible for maintaining. CIOs, CTOs and CISOs should be in close partnership for the benefit of the organization.”