What Do CISOs Prioritise To Improve Cybersecurity?

In a new study by The Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as the current cyber chain of command within their respective financial organisations.

Critical Defense

  • CISOs surveyed were split on their top priorities for securing their organisations against cyber-attacks.
  • 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense are prioritised by 25 percent of CISOs, and breach prevention by 17 percent.
  • CISOs reporting into a technical function, such as the CIO, prioritise infrastructure upgrades, network defense and breach prevention.
  • CISOs reporting into a non-technical function, such as the COO or the General Counsel, prioritise employee training.

Frequency of Reporting

While cyber-security used to be handled in the server room, it is now a board room topic. The study found that quarterly reports to the board of directors were most common (53 percent), with some CISOs (eight percent) reporting more than four times a year or even on a monthly basis.

In the era of increasing security threats and vulnerabilities, CISOs know that keeping top leadership and boards regularly updated on these security risks and effective defenses is a top priority.

Most CISOs report to CIO, not CEO

As security has increasingly become a concern for financial institutions, the role of the CISO has been thrust into the organisational spotlight. The study found that the majority of CISOs do not report to the CEO; the top of the cyber chain of command is more likely to be the CIO, followed by the CRO and then the COO.

  • Sixty-six percent of CISOs report into the CIO, CRO and COO. Only eight percent of CISOs report into the CEO. The study found that the reporting relationship did not impact frequency of reporting to the board of directors on cyber-security.

Recommendations for 2018

Training employees should be prioritised by all CISOs, regardless of reporting structure, because employees serve as the first line of defense.

Employee training should include awareness of the risks of downloading and executing unknown applications on company assets, in accordance with corporate policies and relevant regulations, and should teach employees how to report suspicious emails and attachments.

Source: HelpNetSecurity
