CISOs are gaining more influence in the boardroom
The role of the CISO has always been a somewhat secondary one in terms of the overall big picture of running a business.
However, a new study from cybersecurity company Coalfire shows that the CISO role is maturing quickly, and gaining more of a voice in the boardroom.
In the last year there has been a 10-point increase in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.
Security teams are also increasingly being included in corporate projects. Of the security leaders surveyed, 78 percent say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56 percent of CISOs now say they present security metrics to their CEOs, up from 43 percent in 2021.
Alongside increasing influence though the role also faces a number of challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements -- all within constrained budgets. In fact, 43 percent of security leaders say their budgets have remained static or been reduced following business migration to the cloud.
This has led to a change of approach, with security leaders focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments are identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.
"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," says Coalfire CEO Tom McAndrew. "Cybersecurity has historically been lower in priority for organizations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."
The full report is available from the Coalfire site.