CISOs React: Almost Half Plan to Depart Without Industry Action

A recent survey conducted by Trellix sheds light on the current state of the Chief Information Security Officer (CISO) role. The survey highlights the expectations, challenges, and responsibilities associated with the position, along with the recent evolution of the CISO role. It was found that 91% of respondents believe the increased expectations will lead to a higher turnover rate in the CISO role, and 84% suggest dividing the role into two separate positions – a technical CISO and a business-focused BISO. In the absence of positive changes within the industry, almost half (49%) of CISOs do not see themselves continuing in the role in the future. 

George Jones, the Chief Information Security Officer at Critical Start, offers insights on how splitting responsibilities among multiple roles could be advantageous. 

“By dividing the CISO role into a technical aspect focusing on threat mitigation, incident response, and defense mechanisms, and a business-oriented component ensuring alignment with business objectives, compliance, and risk management, a more balanced leadership structure can be achieved,” Jones explains. “This segregation could streamline decision-making processes and enhance overall security posture and resilience, provided both roles maintain clear and consistent communication to support the organization’s strategic goals.

The survey also highlighted challenges faced by CISOs in conveying cybersecurity risks to board members and the C-suite. 66% of respondents noted that the board does not fully grasp the cybersecurity issues presented to them, and 59% feel misalignment between their perspectives and those of the CIO or CEO. 

Jones expands on these challenges, emphasizing the need for clear communication to translate cybersecurity risks into business language that resonates with the board’s priorities.

It is crucial for CISOs to manage these challenges effectively to ensure success in their role. To address these obstacles, Jason Fruge, Resident CISO at XM Cyber, suggests empowering the chain of command to elevate operational levels and instituting partnerships with legal counsel and participating in information-sharing networks. 

Mr. Agnidipta Sarkar, Vice President CISO Advisory at ColorTokens, advises CISOs to understand business operations and regulatory changes, educate the board members, and collaborate with legal counsel to stay ahead of cybersecurity regulations. Continuous learning and bridging the knowledge gap through communication initiatives are essential for navigating the evolving landscape of cybersecurity.

How can CISOs manage the challenges of the role? 

Despite the increasing challenges, CISOs can leverage supportive team members and strategic partnerships to enhance their capabilities and ensure alignment with business objectives. By fostering collaboration and continuous learning, CISOs can navigate the complexities of the role and drive effective cybersecurity strategies within their organizations.