The rise of the CISO: The increasing severity of cyberattacks makes this role more important

As digital technology has evolved, so has the organization’s need for cybersecurity and data security. A new study examines where CISOs are in the business.


The CISO job has gained more prominence in a period when cyberattacks have become more sophisticated and relentless, and millions of people work from home. Combine that with high-profile cyberattacks and increased regulatory scrutiny, and companies will pay a premium to retain and recruit CISOs.


The chief information security officer (CISO) has been a crucial position for large and small companies in technology and nearly all other industries, according to a survey conducted in 2021 by recruitment firm Heidrick & Struggles. According to the survey, 354 CISOs reported that the average salary for U.S. CISOs was $509,000 in 2021, compared to $473,000 in 2020.

CISOs who used to “focus on network security, firewalls, security policies and governance now also find themselves tasked with securing connected devices, devising identity and access management systems, implementing artificial intelligence and machine learning, as well as risk management, privacy, investigations and physical security, among other issues,” the Heidrick & Struggles survey said. They are managing larger teams while doing this.

Eighty-eight percent of boards of directors see cybersecurity as a risk to their business, and not as a threat to technology, according to a survey Gartner recently conducted.

There has never been a more exciting time to be a CISO

Andre Durand, CEO of cloud identity security platform provider Ping, stated, “CISOs are definitely getting more visibility at the executive and board level and are more closely involved in product and strategy discussions.” “As cybercrime increases and companies face monetary loss or damages, the CISO role and security are all crucial to business success.”

CISOs once reported to their CIO. However, this is changing as the role becomes more strategic and less IT-focused. Sixty-one percent of the CISOs surveyed by Heidrick & Struggles report to someone other than the CIO.

In more regulated industries such as healthcare, the CISO may report to whoever handles risk and audit, while those who work in SaaS/cloud/tech companies tend to find themselves under engineering leadership/CTO or the COO, according to the Heidrick & Struggles survey.


Durand stated that “the CISO must be able to influence across organizations. That’s the most important aspect of this job.”

He said that those who are more vulnerable to financial, intellectual, or privacy issues will be more open to the benefits of a CISO. Durand stated that cybercriminals don’t discriminate by industry verticals. Every company should strive to have some degree of executive sponsorship regarding security for their business.

What CISOs should be focusing on in 2022

Companies are adopting cloud-based software, with a focus on security architecture and protections. Durand explained that ransomware is still a significant cyber threat. Companies must continue to work to prevent ransomware attacks and also make it possible to recover from them.

He stated that it was crucial for any digital business to be able to resist attacks such as DDoS and botnet attacks. “Overall, we believe the industry is pushing towards a zero trust model and that there is a lot of work being done in this area.”

Yet companies face difficulties in keeping up with rapid technology changes. Durand explained that this means that “security teams need to be well-versed with the technology being used at a company to give guidance around keeping that technology safe.” “The talent pool for security professionals is also small [and] it is difficult to hire and retain talent regardless of the industry.”

Gartner suggested that CIOs and CISOs should rebalance their cybersecurity responsibility so that it is shared among business and enterprise leaders. Gartner recommends that business decisions that impact enterprise security should be shared. IT and security leaders need to work together with executives and boards of directors in order to establish greater governance.

Durand agreed that a CISO who is supported by the board and overseen in the boardroom can help to raise awareness of technology risks facing each company. “A good committee should include a variety of opinions and experience, and the CISO should be one of them.”

He stated that no matter who the CISO reports to, they should work with and support the CIO. “The CIO will be responsible for continuing to implement and enforce security controls in the systems they manage. CIOs, CTOs, and CISOs need to be closely partnered to the benefit of the company.”
