CISOs Still Struggling for Acceptance, Authority and Respect in the C-Suite

75% of C-level executives still do not believe CISOs deserve a seat at the leadership table

Jul 21, 2015, 09:00 ET from ThreatTrack Security Inc.

RESTON, Va., July 21, 2015 /PRNewswire/ -- ThreatTrack Security – a leader in cyber threat prevention solutions that substantially change how organizations respond to cyberattacks – today announced the results of its second annual Role of the CISO study. The survey of C-level executives at U.S. enterprises employing a Chief Information Security Officer (CISO) found that despite a rash of high-profile data breaches in the last year, many in the C-suite still fail to fully appreciate their CISO's contributions and view them primarily as scapegoats in the event of a data breach.

Read the report CISO Role Still in Flux here:

"Last year, we were surprised that so many executives neither understood nor valued the role of their CISO, and viewed them as convenient scapegoats in the event of a headline-grabbing data breach," said ThreatTrack President John Lyons. "This year, the data is stunning. With growing concerns about data breaches, organizations appreciate the need for cybersecurity leadership at the highest levels but have failed to make progress in empowering CISOs with the authority they need to successfully defend their organizations. In some areas, CISOs have lost ground."

47% of executives agreed their "organization should make it a priority to ensure your board of directors includes at least one member with a strong background in cybersecurity, possibly including someone who is, or has served as, a CISO at another enterprise." 33% even said they already had at least one member who meets those requirements. However, that does not translate into increased support for CISOs. Only 25% of respondents said "CISOs deserve a seat at the table and should be part of an organization's senior leadership team."

The study sheds light on C-level executives' opinions of CISOs, including:

The CISO's Value

  • Nearly 1 in 5 (19%) said "CISOs are primarily beneficial in that they represent an individual who is accountable for any data breaches"
    • 26% of CEOs and 14% of CIOs agreed
  • Just half (51%) of respondents said "CISOs provide valuable guidance to senior leadership related to cybersecurity" (a decrease of 1% from 2014)
  • 27% of executives (down 5% from last year) said "CISOs typically possess broad awareness of organizational objectives and business needs outside of information security"
  • 41% (compared to 31% in 2014) said "CISOs are being hired to address critical gaps in organizations' information security capabilities"

The CISO's Role

  • Nearly half (47%) said that "CISOs should be accountable for any organizational data breach" (a 3% increase compared to 2014)
  • 56% of respondents work in an organization where the CISO reports to the CIO, and 41% in one where the CISO reports to the CEO
  • Only 38% said "CISO should be responsible and accountable for all information security strategies and cybersecurity technology purchasing decisions" (an 8% decline compared to 2014)
  • 21% (compared to 18% last year) said "CISOs should primarily be an advisor to IT and the CIO for information security strategy and cybersecurity technology purchasing decisions"

"These results pose a real dilemma for CISOs," continued Lyons. "If CISOs don't have visibility into operational plans and strategy, and aren't included in decision-making processes, how can they be held responsible for a major security issue? The need for information security is keenly appreciated, but CISOs are struggling for the recognition and authority they need to be effective in defending organizations from today's increasingly sophisticated and frequent cyber threats."

The CISO's Performance

  • In grading their CISOs, executives handed out far fewer A's (10% vs. 23%) and more B's (45% vs. 42%) and C's (34% vs. 30%) than last year
  • Only 25% said "CISOs contribute greatly to improving our day-to-day information security practices" (down 2% from last year)
  • Only 19% said that CISOs' decisions have negatively impacted their business, but 20% said their CISO has yet to make a decision

The CISO's Leadership

  • On the question of CISOs' abilities as senior leaders, this year's study found a strong jump in perception, almost a complete reversal from last year – 62% of executives (compared to 39% last year) said their CISO would be successful taking on a leadership position outside of IT security
    • 57% of CEOs and 50% of CIOs agreed

The independent blind survey of 200 U.S.-based C-level executives – including CEOs, Presidents, CIOs, COOs, CFOs, General Counsels, Chief Legal Officers and Chief Compliance Officers in organizations that also employ a CSO (Chief Security Officer) and/or CISO (Chief Information Security Officer) – was conducted by Opinion Matters on behalf of ThreatTrack in June of 2015.

Full survey results are available upon request.

About ThreatTrack Security Inc.
ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber defenses deployed by enterprises and government agencies around the world. With more than 300 employees worldwide and backed by Insight Venture Partners and Bessemer Venture Partners, the company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more at


Copyright © 2015 ThreatTrack Security, Inc. All rights reserved. All other trademarks are the property of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.

SOURCE ThreatTrack Security Inc.