Are C-Level Execs Disparaging CISOs?
It wasn't that long ago that the CIO's place in the C-suite was questioned, and the role was marginalized by other executives who felt CIOs should just focus on software and hardware. Well, that attitude is nothing compared to the beating chief information security officers (CISOs) take in a recent survey conducted by ThreatTrack Security. The security vendor surveyed more than 200 C-level executives this summer, and the findings indicate that information security leaders have some work to do if they want to earn the respect of their C-level peers. Responding executives made it clear that they do not view CISOs as equals, and they sometimes even blame CISOs for undermining the bottom line. "CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach, and they are significantly undervalued for the work they do every day to keep corporate data secure," says Julian Waits, Sr., CEO of ThreatTrack. "This perception needs to change, as CISOs—and the teams that work with them—should be viewed as drivers for business protection and growth." ThreatTrack offers some suggestions for CISOs who want to enhance their image in their company. Among these: Formalize your role; develop and communicate a strong security strategy; forge strong relationships with other C-level execs; and focus on the economic impact of risk and develop metrics that illustrate the financial impact of security efforts.