The CISO's Job Is Getting More Complex

Most organisations experienced cyber security problems as they began working with a remote and home working workforce as a consequence of the Coronavirus and the importance of a robust cyber security capability has never been more apparent. 

Now, research from executive search and consulting firm Marlin Hawk highlights the job of the Chief Information Security Officer (CISO) and the issues arising for  succession planning failures and a lack of diversity.  The Report analyses the role of the CISO regarding the short- and long-term impacts of the pandemic, perspectives on diversity, tenure, and succession, as well as the impact of cyber security expertise at the board level. 

It consists of research from CISOs at 400+ of the world’s largest companies and direct feedback from Fortune 500 CISOs at organisations like Bank of America, Humana, TD Bank Group, Equifax, Credit Suisse and BT Security. “There are so many more industries recognising the importance of technology as a result of the pandemic, and therefore the importance of CISOs, thus creating much more demand...  As this demand continues to grow, the demands on CISOs continue to evolve, including the talent agenda becoming ever more challenging.”said Jason Mallinder, Group CISO at Credit Suisse. 

Overall Key Findings Include:

  • 67% of those interviewed were hired by a new company, which translates to a poor job of retaining and promoting within.
  • 53% of CISOs interviewed assumed a new role during the pandemic, while just over a third took on an expanded role at their current place of employment.
  • 14% are women while only 21% are non-white, which highlights the industry’s overall inability to address diversity and inclusion (D&I).
  • Only 1% of Boards currently include a cybersecurity leader, underscoring a lack of comprehensive cybersecurity expertise and knowledge.

CISOs are supporting the shift to location-agnostic working practices and with the various solutions that have been put into place to enable a secure remote workforce. Many CISOs see the benefits to sustaining it, such as access to better and more diverse talent.

Indeed, many organisations find that a location-agnostic approach to hiring increases the candidate pool and raises the bar on the type of talent they can attract.

“The CISO role has become an interesting mix of digital and physical security...  The combination created new risk for CISOs, who had to architect solutions to ensure access to critical services and ways of working.”says Aman Raheja, CISO at Humana. Additionally, as remote work evolves into a more permanent, hybrid model for enterprises, changes in working and purchasing habits have emerged as a key differentiator for the Board. They frequently consult the CISO on a broader range of topics, which now include investment decisions.

CISOs Deserve More influence In The Boardroom

The Coronavirus pandemic introduced a new level of complexity as CISOs were given the task of securing a remote workforce and mitigating risks and threats, which increased as the enterprise network became more porous. The unprecedented pace at which CISOs have had to adapt has fundamentally changed their role to a key driver of business and digital transformation but also addressing all security needs across the enterprise: "There is a technology strategist role that is continuing to emerge... It goes beyond the security stack more broadly into questioning trust in our legacy technologies and where we need to make investments to mitigate against those risks. Where the CIO would traditionally be leading conversations about operational efficiency, you now see the CISO championing them, too." says Glenn Foster, CISO, TD Bank Group,

“The size of the boardroom table continues to grow, as governing a modern corporation continues to become more complex and less rooted in the purely financial lenses of the past...  If companies aren’t ready to add another seat for the CISO to their Board, then councils and committees must bridge this gap until they are, be it internal or advisory adjuncts to the Board. Starting with a cyber security and customer trust committee is a good first step." says James Larkin of Marlin Hawk.

CISOs Are In High Demand But Succesion Planning Is Rare

The turnover rate for CISOs is incredibly high and often closely related to pay and working conditions.Given the need for vigilance in the CISO role, high turnover rates do not necessarily pose a problem if organisations have a robust pipeline of cyber talent in place to respond in the event of an exit. To that end, many of the CISOs that Marlin Hawk spoke to reported a discrepancy between a slated successor and the candidate who is named to the role. 

  • This breakdown in the succession planning process is likely due, in part, to a lack of exposure by potential successors to the Board. And despite this current failure, several cyber security executives interviewed believe that a succession plan is vital. 
  • Soft skills have become crucial, but overall diversity and inclusion (D&I) is lacking. On top of incredibly high demand, internal tensions exacerbated by the pandemic have created a need for CISOs who have soft skills to communicate across the business and manage distributed teams: 
  • When it comes to diversity, a number of organisations have made significant improvements. Still, several have yet to tackle the issue of how to integrate diverse talent into their structure. For instance, women account for 14% of information security leaders, and non-white candidates account for just 21% of CISOs at large global enterprises. 

Overall, the evidence suggest that the the role of CISO has never been more complex, challenging and critical to the resilience of the organisations they work for.

Marlin Hawk:        Image: Unpslash

You Might Also Read: 

CISO's Cant Find The Right People:

 

« EU Proposes Legislation To Secure Connected Devices
North America VPN Market Will Soon Be Worth $70 Bn »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

ITC Secure Networking

ITC Secure Networking

ITC are a leading cloud-based MSSP delivering service innovation in cyber security analytics & cloud technology.

Hornetsecurity

Hornetsecurity

Hornetsecurity offers managed cloud security solutions like Email archiving, Email encryption, Email spam filter, web filter and cloud storage.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

Swedish Board for Accreditation and Conformity Assessment (SWEDAC)

SWEDAC is the national accreditation body for Sweden. The directory of members provides details of organisations offering certification services for ISO 27001.

Datplan

Datplan

Datplan offers a software solution that gives an overview of 8 key cyber risk areas, their threats, and risk management steps.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

Blackpoint Cyber

Blackpoint Cyber

Blackpoint’s mission is to provide effective, affordable real-time threat detection and response to organizations of all sizes around the world.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.