Data breaches are best avoided by Chief Information Security Officers (CISOs) through the implementation of a strong cybersecurity framework, but should disaster strike it could actually be good for a CISO’s job prospects, provided of course that the breach is successfully remediated. Otherwise, the reverse is likely to be the case.
That is the view of a majority of CISOs who took part in a recent Optiv Security survey for the company’s 2019 State of the CISO report. The survey was conducted among CISOs and equivalent senior security staff in the United States and United Kingdom.
58% of respondents believed that surviving a data breach would make them more attractive to potential employers and that a data breach is no longer considered “a scarlet letter” for CISOs as many business executives now understand data breaches may not always be avoidable.
The report takes a look at the evolving role of the CISO, which has changed dramatically in recent years. While the role was once largely technical and heavily focused on securing IT systems, it has been elevated to a level commensurate with other C-level executives, including the CIO, to whom CISOs usually report.
Optiv attributes the elevation of the position to the number of data breaches that are now occurring and to new privacy regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Combined, they have helped make cybersecurity a tier-1 business risk.
The evolution of the role has been fast in many large organizations, although some companies still consider the CISO to be more of a hands-on technical role. The former have realized that the CISO plays an essential role in digital transformation and other business initiatives. Business executives are also increasingly aware that any cybersecurity incident, compliance failure, or data breach could prove catastrophic for the business.
Some of the key findings from the survey are detailed below:
- 67% of organizations prioritize cybersecurity over all other business considerations and see cybersecurity as a key enabling function across all business initiatives.
- 96% of business executives now have a much better understanding of cybersecurity and its importance than 5 years ago.
- 76% of surveyed security professionals believe the role of the CISO is so important that companies will soon be appointing CISOs as CEOs.
Interestingly, when asked what they would do if they were able to stop business for six months, most CISOs said they would prioritize employee education and new methodologies. Only 32% of CISOs would spend the time catching up on patching and vulnerability scanning, even though the exploitation of unpatched vulnerabilities is the cause of more than half of all data breaches.
The State of the CISO report can be downloaded from Optiv Security.