74% of C-Level Executives Do Not Believe CISOs Deserve a Seat at the Leadership Table

ThreatTrack Security research concludes Chief Information Security Officers need to strengthen their reputations and demonstrate their value within enterprises

Jul 31, 2014, 09:01 ET from ThreatTrack Security

RESTON, Va., July 31, 2014 /PRNewswire/ -- ThreatTrack Security – a leader in malware protection solutions that identify, stop and remediate advanced threats, targeted attacks and other sophisticated malware designed to evade traditional cyber defenses – today published a survey study of C-level executives that underscores a hotly debated topic in executive circles: what is the role of the Chief Information Security Officer (CISO)?

"The CISO's role has become increasingly complex and demanding, yet the value of their contributions isn't fully understood or appreciated by peers," concluded ThreatTrack Security President and CEO Julian Waits, Sr. "Our research suggests that CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach, and they are significantly undervalued for the work they do every day to keep corporate data secure. This perception needs to change, as CISOs, and the teams that work with them, should be viewed as drivers for business protection and growth."

Research firm Gartner Inc. believes "Enterprises should view the CISO as a business leader, and look to fill these roles with individuals who combine management skills and business knowledge with technical credibility." [1]

However, the study revealed that 74% of respondents do not agree that CISOs should be part of an organization's leadership team. Nearly half (44%) of C-level executives view the primary role of the CISO as being "accountable for any organizational data breaches."

Gartner recommends that CISOs "raise their visibility as enterprise strategists, aligning their efforts with overall business needs and risk requirements," and that the "key skills required by a successful CISO are increasingly managerial, collaborative and communicative…." [1]

Survey respondents say that CISOs are struggling in this regard. Asked whether "CISOs typically possess broad awareness of organizational objectives and business needs outside of information security," two-thirds (68%) did not agree. More than a quarter of respondents (28%) said their CISO has made cybersecurity decisions that have led to negative effects on the financial health of the organization, such as lost business, decreased productivity and impaired service levels.

"These findings point to a dilemma for CISOs and their peers in the C-suite," continued Waits. "If CISOs are not consulted by senior executives during decision-making processes, how can they be held responsible for major security breaches? CISOs serve a vital role in cybersecurity, but are struggling for the recognition and authority they need to be effective in defending organizations from today's precarious data security dangers."

As the prominence of CISOs rises within enterprises, the survey revealed other opportunities for CISOs to improve their perception among senior leadership. Other findings included:

  • Less than half (46%) of respondents believe CISOs should be responsible for cybersecurity purchasing decisions.
  • More than a third (39%) of respondents believe their CISO would be successful taking another leadership role, outside of information security, within their organization.
  • About a third (27%) of respondents believe their CISO contributes greatly to improving day-to-day security.
  • The perception that the role of the CISO exists primarily to take responsibility for data breaches is especially prevalent among retail (65%) and healthcare (55%) companies, which are among the most common targets of cyber-attacks.
  • Asked to grade the overall performance of their CISOs, 23% of participants gave their CISO an A for excellence; 42% said B for above average; and 30% said C for average.

The independent blind survey of 203 U.S.-based C-level executives – including CEOs, Presidents, CIOs, COOs, CFOs, General Counsels, Chief Legal Officers and Chief Compliance Officers in organizations that also employ either a CSO (Chief Security Officer) and/or CISO (Chief Information Security Officer) – was conducted by Opinion Matters on behalf of ThreatTrack Security between June and July of 2014.

Full survey results are available upon request.

About ThreatTrack Security Inc.
ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber defenses deployed by enterprises and government agencies around the world. With more than 300 employees worldwide and backed by Insight Venture Partners and Bessemer Venture Partners, the company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more at www.ThreatTrackSecurity.com.

[1] Gartner for IT Leaders Overview: The Chief Information Security Officer; Gartner Inc., July 29, 2013

Copyright © 2014 ThreatTrack Security, Inc. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.

SOURCE ThreatTrack Security