What Do CISOs Prioritise To Improve Cybersecurity?

In a new study by the Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the cyber-defense methods they consider most critical, on how often they report on cyber-preparedness to their boards of directors, and on the current cyber chain of command within their financial organisations.

Critical Defense

  • CISOs surveyed were split on their top priorities for securing their organisations against cyber-attacks.
  • 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense were the top priority for a further 25 percent of CISOs, and breach prevention for 17 percent.
  • CISOs reporting into a technical function, such as the CIO, prioritise infrastructure upgrades, network defense and breach prevention.
  • CISOs reporting into a non-technical function, such as the COO or the General Counsel, prioritise employee training.

Frequency of Reporting

While cyber-security used to be handled in the server room, it is now a board room topic. The study found that quarterly reports to the board of directors were most common (53 percent), with some CISOs (eight percent) reporting more than four times a year, or even monthly.

In an era of increasing security threats and vulnerabilities, CISOs know that keeping top leadership and boards regularly updated on these risks, and on the defenses that work against them, is a top priority.

Most CISOs report to the CIO, not the CEO

As security has increasingly become a concern for financial institutions, the role of the CISO has been thrust into the organisational spotlight. The study found that the majority of CISOs do not report to the CEO; the CISO is most likely to report to the CIO, followed by the CRO and then the COO.

  • Sixty-six percent of CISOs report into the CIO, CRO or COO. Only eight percent of CISOs report into the CEO. The study found that the reporting relationship did not affect how often CISOs report to the board of directors on cyber-security.

Recommendations for 2018

Training employees should be a priority for all CISOs, regardless of reporting structure, because employees serve as the first line of defense.

Employee training should cover the risks of downloading and executing unknown applications on company assets, the corporate policies and relevant regulations that govern such use, and how to report suspicious emails and attachments.

Source: HelpNetSecurity
