CISOs take on extra responsibilities
The majority of CISOs are taking on responsibilities beyond cybersecurity, including business risk, IT oversight, and digital transformation. Three percent of CISOs attribute their raise to taking on larger scope, while others see it reflected in merit increases.
New research from IANS Research and Artico Search surveyed over more than 830 CISOs and other security leaders to understand the key trends and challenges reshaping CISO role.
The report divides CISOs into three groups, strategic CISOs (28 percent) who excel in both C-suite access and boardroom influence, frequently engaging with top executives to align cybersecurity with broader business goals. Functional CISOs (50 percent) that have significant influence in either the C-suite or boardroom but lacking consistent visibility in both areas. And tactical CISOs (22 percent positioned as back-office technical practitioners, these CISOs face limited access to senior leadership and infrequent engagement with the board.
"With CISO scope expanding and evolving, security leaders continue to be viewed as business executives rather than simply technical leaders," says Steve Martano, IANS Faculty and executive cyber recruiter at Artico Search. "Effective communication with senior executives has never been more important, as alignment between business strategy and security programming is essential for long-term partnership and success. This report demonstrates that board engagement and C-suite access is critical in shaping the future of a security program and a CISO’s career."
Strategic CISOs, who excel in C-suite access and board engagement, earn significantly higher compensation -- 57 percent more than their functional peers and twice that of tactical CISOs.
Currently only 47 percent of CISOs say they engage with their boards on a monthly or quarterly basis and 42 percent meet with their boards on an ad hoc basis, if at all. However, CISOs with regular board access and executive visibility report significantly higher job satisfaction compared to those without board access.
"The CISO role is undergoing a seismic shift -- they are no longer just security leaders but are increasingly pivotal business strategists," says Nick Kakolowski, senior research director at IANS. "As their responsibilities expand into areas like business risk and IT oversight, the ability to align cybersecurity with organizational goals sets transformative leaders apart. Those who navigate these expanded responsibilities effectively are redefining the role as indispensable to business success, amplifying their influence and driving greater organizational impact."
You can get the full report from the IANS site.
Image credit: PantherMediaSeller/depositphotos.com