'Why am I right for the CISO job? Well, we had a massive data breach...'
A new study from Optiv Security shows that 58 percent of CISOs think experiencing a data breach makes them more attractive to potential employers.
The survey results show a fundamental change in how senior executives and board members perceive cybersecurity, with 96 percent agreeing that senior executives have a better understanding of it than they did five years ago.
In addition, 67 percent say their businesses prioritize cybersecurity above all other business considerations, and 76 percent indicate that cybersecurity risk has become important enough to businesses that CISOs will begin to be named as CEOs.
"Some organisations are further along this evolutionary curve than others, but without business' buy-in to a cybersecurity program, CISOs will undoubtedly struggle to keep their organisations safe from looming cyber threats," says Andrzej Kawalec, Optiv's director of strategy and technology, Europe. "We are seeing a significant shift in the industry, whereby cybersecurity is now a business issue. CISOs are being regarded as an important part of major business initiatives such as next-generation digital transformation, which has led to more funding for cyber programs. The board now understands that a major security or compliance miscue can derail a business."
There are some worrying findings too, with 54 percent of US CISOs and 44 percent of UK ones indicating that they practice their incident response plans once a year or less. Industry best practices call for frequent incident response tests and practice, so teams are ready for the real thing when it happens.
Breaches still seem to serve as a wake-up call for organizations, with 39 percent of businesses implementing changes in their security program only after an incident. While 65 percent say that recovery from the breach was well coordinated and successful, over a third (35 percent) report that recovery costs were still higher than the cost of investing in better breach defence would have been.
You can get the full State of the CISO report on the Optiv website.