What Do CISOs Prioritise To Improve Cybersecurity?

In a new study by The Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as the current cyber chain of command within their respective financial organisations.

Critical Defense

  • CISOs surveyed were split on their top priorities for securing their organisations against cyber-attacks. 
  • 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense are also prioritised by 25 percent of CISOs; and breach prevention by 17 percent.
  • CISOs reporting into a technical function like CIO prioritize infrastructure upgrades, network defense and breach prevention.
  • CISOs reporting into a non-technical function like the COO or the General Counsel prioritize employee training.

Frequency of Reporting
While cyber-security used to be handled in the server room, it is now a board room topic. The study found that quarterly reports to the board of directors were most common (53 percent) with some CISOs (eight percent) reporting more than four times a year or even on a monthly basis. 

In the era of increasing security threats and vulnerabilities, CISOs know that keeping top leadership and boards updated regularly on these security risks and effective defenses is a top priority.
Most CISOs report to CIO, not CEO

As security has increasingly become a concern for financial institutions, the role of the CISO has been thrust into the organisational spotlight. The study found that the majority of CISOs don’t report to the CEO; the top cyber chain of command is more likely to be the CIO; followed by CRO and then COO.

  • Sixty-six percent of CISOs report into the CIO, CRO and COO. Only eight percent of CISOs report into the CEO. The study found that the reporting relationship did not impact frequency of reporting to the board of directors on cyber-security.

Recommendations for 2018
Training employees should be prioritised for all CISOs, regardless of reporting structure because employees serve as the first line of defense. 

Employee training should include awareness about downloading and executing unknown applications on company assets, and in accordance with corporate policies and relevant regulations, and training employees on how to report suspicious emails and attachments.

HelpNetSecurity:

You Might Also Read: 

Three Most In-Demand Cybersecurity Jobs:

What Every CISO Needs To Know:

Bank of England: Cyberattacks A 'Clear and Present Danger':


 

 

« What Does The US Air Force Want From AI?
Discover Your Inner Spy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

CLUSIF

CLUSIF

Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Bunifu Technologies

Bunifu Technologies

Bunifu Technologies is an Information Security and Custom Software Development Company.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Basque Digital Innovation Hub (BDIH)

Basque Digital Innovation Hub (BDIH)

The aim of the BDIH initiative is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.

Anterix

Anterix

Anterix is focused on empowering the modernization of critical infrastructure and enterprise businesses by enabling private broadband connectivity.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Kobalt.io

Kobalt.io

Kobalt are bringing the monitoring capabilities of enterprise-class security teams to smaller organizations.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.