The CISO's Job Is Getting More Complex

Uploaded on 2021-09-22 in TECHNOLOGY--Resilience, FREE TO VIEW

Most organisations experienced cyber security problems as they began working with a remote and home working workforce as a consequence of the Coronavirus and the importance of a robust cyber security capability has never been more apparent. 

Now, research from executive search and consulting firm Marlin Hawk highlights the job of the Chief Information Security Officer (CISO) and the issues arising for  succession planning failures and a lack of diversity.  The Report analyses the role of the CISO regarding the short- and long-term impacts of the pandemic, perspectives on diversity, tenure, and succession, as well as the impact of cyber security expertise at the board level. 

It consists of research from CISOs at 400+ of the world’s largest companies and direct feedback from Fortune 500 CISOs at organisations like Bank of America, Humana, TD Bank Group, Equifax, Credit Suisse and BT Security. “There are so many more industries recognising the importance of technology as a result of the pandemic, and therefore the importance of CISOs, thus creating much more demand...  As this demand continues to grow, the demands on CISOs continue to evolve, including the talent agenda becoming ever more challenging.”said Jason Mallinder, Group CISO at Credit Suisse. 

Overall Key Findings Include:

  • 67% of those interviewed were hired by a new company, which translates to a poor job of retaining and promoting within.
  • 53% of CISOs interviewed assumed a new role during the pandemic, while just over a third took on an expanded role at their current place of employment.
  • 14% are women while only 21% are non-white, which highlights the industry’s overall inability to address diversity and inclusion (D&I).
  • Only 1% of Boards currently include a cybersecurity leader, underscoring a lack of comprehensive cybersecurity expertise and knowledge.

CISOs are supporting the shift to location-agnostic working practices and with the various solutions that have been put into place to enable a secure remote workforce. Many CISOs see the benefits to sustaining it, such as access to better and more diverse talent.

Indeed, many organisations find that a location-agnostic approach to hiring increases the candidate pool and raises the bar on the type of talent they can attract.

“The CISO role has become an interesting mix of digital and physical security...  The combination created new risk for CISOs, who had to architect solutions to ensure access to critical services and ways of working.”says Aman Raheja, CISO at Humana. Additionally, as remote work evolves into a more permanent, hybrid model for enterprises, changes in working and purchasing habits have emerged as a key differentiator for the Board. They frequently consult the CISO on a broader range of topics, which now include investment decisions.

CISOs Deserve More influence In The Boardroom

The Coronavirus pandemic introduced a new level of complexity as CISOs were given the task of securing a remote workforce and mitigating risks and threats, which increased as the enterprise network became more porous. The unprecedented pace at which CISOs have had to adapt has fundamentally changed their role to a key driver of business and digital transformation but also addressing all security needs across the enterprise: "There is a technology strategist role that is continuing to emerge... It goes beyond the security stack more broadly into questioning trust in our legacy technologies and where we need to make investments to mitigate against those risks. Where the CIO would traditionally be leading conversations about operational efficiency, you now see the CISO championing them, too." says Glenn Foster, CISO, TD Bank Group,

“The size of the boardroom table continues to grow, as governing a modern corporation continues to become more complex and less rooted in the purely financial lenses of the past...  If companies aren’t ready to add another seat for the CISO to their Board, then councils and committees must bridge this gap until they are, be it internal or advisory adjuncts to the Board. Starting with a cyber security and customer trust committee is a good first step." says James Larkin of Marlin Hawk.

CISOs Are In High Demand But Succesion Planning Is Rare

The turnover rate for CISOs is incredibly high and often closely related to pay and working conditions.Given the need for vigilance in the CISO role, high turnover rates do not necessarily pose a problem if organisations have a robust pipeline of cyber talent in place to respond in the event of an exit. To that end, many of the CISOs that Marlin Hawk spoke to reported a discrepancy between a slated successor and the candidate who is named to the role. 

  • This breakdown in the succession planning process is likely due, in part, to a lack of exposure by potential successors to the Board. And despite this current failure, several cyber security executives interviewed believe that a succession plan is vital. 
  • Soft skills have become crucial, but overall diversity and inclusion (D&I) is lacking. On top of incredibly high demand, internal tensions exacerbated by the pandemic have created a need for CISOs who have soft skills to communicate across the business and manage distributed teams: 
  • When it comes to diversity, a number of organisations have made significant improvements. Still, several have yet to tackle the issue of how to integrate diverse talent into their structure. For instance, women account for 14% of information security leaders, and non-white candidates account for just 21% of CISOs at large global enterprises. 

Overall, the evidence suggest that the the role of CISO has never been more complex, challenging and critical to the resilience of the organisations they work for.

Marlin Hawk:        Image: Unpslash

You Might Also Read: 

CISO's Cant Find The Right People:

 

« EU Proposes Legislation To Secure Connected Devices
North America VPN Market Will Soon Be Worth $70 Bn »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

VMRay

VMRay

VMRay delivers advanced threat analysis and detection that combines a unique agentless hypervisor-based network sandbox with a real-time reputation engine.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

Green House Data

Green House Data

Green House Data is a managed services provider delivering hybrid solutions to enterprises who need secure IT environments and efficient management of their critical applications and business data.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Turk Telekom

Turk Telekom

Turk Telekom is the first integrated telecommunications operator in Turkey.

Anthropic

Anthropic

Anthropic is a Public Benefit Corporation, whose purpose is the responsible development and maintenance of advanced AI for the long-term benefit of humanity.

HazeGrayCyber

HazeGrayCyber

HazeGrayCyber offers comprehensive technical services to bring your company to the next level.