10 ways the CISO role has changed

Benchmarking study reveals how the CISO’s role has changed due to digital transformation, escalating cyber risks, and regulatory complexities.

The expanding CISO role

The CISO’s role has undergone numerous changes in the past two years, changes that have expanded the role as cybersecurity has become more central in today’s digitally enabled businesses. CISOs are shifting from an IT to a security focus and assuming a broader range of responsibilities that span functions across the enterprise.

For any role overseeing cybersecurity, it’s tough to stay ahead of the dynamically changing threat landscape. As the stakes are particularly high for CISOs, almost half say they don’t feel prepared.1

“Instead of the standard slope, we have seen a hockey stick rise in cybersecurity risks from more connections between everything and the adoption of new technologies. At the same time, the threat environment has significantly increased in scope, intensity, and sophistication. Then you throw in the pandemic and its massive strain on workforces and supply chains, and now the geopolitical environment. Given all that, you could argue that cybersecurity is at an inflection point.”
Gary McAlum | Board Director National Cybersecurity Center 2
 

The number one change: Expanded responsibility relating to data privacy and compliance

According to almost half of cybersecurity executives from 1200 companies who participated in a comprehensive benchmarking study, CISOs are taking on more accountability for privacy and compliance, among other activities and tasks.3

Of course, more responsibilities can mean more challenges, and compliance consistently brings them. Audit prep is a costly activity and a tremendous resource drain due to the ongoing introduction of new compliance frameworks and standards. Adhering to internal security policies as well as governmental and industry regulations adds pressure to IT and security teams that struggle to keep up.

To address this challenge, organizations need a network security policy management solution that can automate compliance workflows to reduce risk and maximize resources. With such a solution, they can reduce audit prep time, customize reports based on business requirements, and easily identify and address compliance violations. The result is a time-saving compliance process and a more efficient team, so that resources can be allocated to other high-priority tasks.

CISOs have a starring role in the new normal

According to Gidi Cohen, CEO and Founder, Skybox Security, “CISOs have a starring role in the new normal. Cybersecurity has become a central part of how businesses grow and operate. CISOs’ influence with the CEO and board has greatly increased. Radical change brings an opportunity for a dramatic shift in how organizations approach their security programs. The CISO role will no longer be primarily technical. CISOs will broaden their purview to include the ‘business of cybersecurity’. Modern CISOs will make the business case for cyber initiatives and address overall business risk. They will also need to quantify the return on investment of those initiatives. CISOs will be highly knowledgeable about the state of cybersecurity and the threat landscape. They will share this knowledge with the board in business terms and build proactive security posture management programs that take this global picture into account.”

Top ten ways the CISO role has changed

According to survey respondents, the CISO role has changed in the following ten ways over the past two years:4

  1. Expanded responsibility relating to data privacy and compliance.
  2. Greater management of customer and insider fraud.
  3. Growing role in vendor, third-party, and supply chain management.
  4. Greater role in operational resiliency and business continuity.
  5. Greater focus on security posture than IT.
  6. Increasing interaction with the board of directors and senior management.
  7. Greater involvement in enterprise and geopolitical risk management.
  8. Greater influence over the organization’s strategy and operations.
  9. Bigger role in digital transformation and business strategy.
  10. Greater management of operational technology.

Cybersecurity solutions for a riskier world

The largest global cybersecurity benchmarking study reveals how business and government can protect themselves in the emerging risk and threat landscape.

1,2,3,4 Cybersecurity solutions for a riskier world, Thoughtlab, May 2022