The CISO's Job Is Getting More Complex

Uploaded on 2021-09-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Most organisations experienced cyber security problems as they began working with a remote and home working workforce as a consequence of the Coronavirus and the importance of a robust cyber security capability has never been more apparent. 

Now, research from executive search and consulting firm Marlin Hawk highlights the job of the Chief Information Security Officer (CISO) and the issues arising for  succession planning failures and a lack of diversity.  The Report analyses the role of the CISO regarding the short- and long-term impacts of the pandemic, perspectives on diversity, tenure, and succession, as well as the impact of cyber security expertise at the board level. 

It consists of research from CISOs at 400+ of the world’s largest companies and direct feedback from Fortune 500 CISOs at organisations like Bank of America, Humana, TD Bank Group, Equifax, Credit Suisse and BT Security. “There are so many more industries recognising the importance of technology as a result of the pandemic, and therefore the importance of CISOs, thus creating much more demand...  As this demand continues to grow, the demands on CISOs continue to evolve, including the talent agenda becoming ever more challenging.”said Jason Mallinder, Group CISO at Credit Suisse. 

Overall Key Findings Include:

  • 67% of those interviewed were hired by a new company, which translates to a poor job of retaining and promoting within.
  • 53% of CISOs interviewed assumed a new role during the pandemic, while just over a third took on an expanded role at their current place of employment.
  • 14% are women while only 21% are non-white, which highlights the industry’s overall inability to address diversity and inclusion (D&I).
  • Only 1% of Boards currently include a cybersecurity leader, underscoring a lack of comprehensive cybersecurity expertise and knowledge.

CISOs are supporting the shift to location-agnostic working practices and with the various solutions that have been put into place to enable a secure remote workforce. Many CISOs see the benefits to sustaining it, such as access to better and more diverse talent.

Indeed, many organisations find that a location-agnostic approach to hiring increases the candidate pool and raises the bar on the type of talent they can attract.

“The CISO role has become an interesting mix of digital and physical security...  The combination created new risk for CISOs, who had to architect solutions to ensure access to critical services and ways of working.”says Aman Raheja, CISO at Humana. Additionally, as remote work evolves into a more permanent, hybrid model for enterprises, changes in working and purchasing habits have emerged as a key differentiator for the Board. They frequently consult the CISO on a broader range of topics, which now include investment decisions.

CISOs Deserve More influence In The Boardroom

The Coronavirus pandemic introduced a new level of complexity as CISOs were given the task of securing a remote workforce and mitigating risks and threats, which increased as the enterprise network became more porous. The unprecedented pace at which CISOs have had to adapt has fundamentally changed their role to a key driver of business and digital transformation but also addressing all security needs across the enterprise: "There is a technology strategist role that is continuing to emerge... It goes beyond the security stack more broadly into questioning trust in our legacy technologies and where we need to make investments to mitigate against those risks. Where the CIO would traditionally be leading conversations about operational efficiency, you now see the CISO championing them, too." says Glenn Foster, CISO, TD Bank Group,

“The size of the boardroom table continues to grow, as governing a modern corporation continues to become more complex and less rooted in the purely financial lenses of the past...  If companies aren’t ready to add another seat for the CISO to their Board, then councils and committees must bridge this gap until they are, be it internal or advisory adjuncts to the Board. Starting with a cyber security and customer trust committee is a good first step." says James Larkin of Marlin Hawk.

CISOs Are In High Demand But Succesion Planning Is Rare

The turnover rate for CISOs is incredibly high and often closely related to pay and working conditions.Given the need for vigilance in the CISO role, high turnover rates do not necessarily pose a problem if organisations have a robust pipeline of cyber talent in place to respond in the event of an exit. To that end, many of the CISOs that Marlin Hawk spoke to reported a discrepancy between a slated successor and the candidate who is named to the role. 

  • This breakdown in the succession planning process is likely due, in part, to a lack of exposure by potential successors to the Board. And despite this current failure, several cyber security executives interviewed believe that a succession plan is vital. 
  • Soft skills have become crucial, but overall diversity and inclusion (D&I) is lacking. On top of incredibly high demand, internal tensions exacerbated by the pandemic have created a need for CISOs who have soft skills to communicate across the business and manage distributed teams: 
  • When it comes to diversity, a number of organisations have made significant improvements. Still, several have yet to tackle the issue of how to integrate diverse talent into their structure. For instance, women account for 14% of information security leaders, and non-white candidates account for just 21% of CISOs at large global enterprises. 

Overall, the evidence suggest that the the role of CISO has never been more complex, challenging and critical to the resilience of the organisations they work for.

Marlin Hawk:        Image: Unpslash

You Might Also Read: 

CISO's Cant Find The Right People:

 

« EU Proposes Legislation To Secure Connected Devices
North America VPN Market Will Soon Be Worth $70 Bn »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Rapid7

Rapid7

Rapid7 unites cloud risk management and threat detection to deliver results that secure your business and ensure you’re always ready for what comes next.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Mission Secure (MSi)

Mission Secure (MSi)

MSi is a specialized provider of next generation cyber defense solutions protecting control systems and critical physical assets in energy, transportation and defense.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

AdEPT Technology Group

AdEPT Technology Group

AdEPT are a managed services and telecommunications provider offering award-winning, proven and uncomplicated technical solutions for over 12,000 organisations across the UK.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Hartman Executive Advisors

Hartman Executive Advisors

Hartman Executive Advisors is an unbiased IT and cyber advisory firm uniquely designed to help mid-market executives maximize their IT investments.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.