IDC Survey Insights and Key Findings on the Evolution of CISOs

In November 2023, IDC conducted an extensive global survey with 847 security leaders across 17 countries to better identify their roles, responsibilities, and the realities they face on the job. Responses confirmed that the CISO role is evolving as CISOs straddle dual responsibilities as cyber security leaders and business enablers.

The survey also showed today’s CISO role is much different than you might think. Many might believe a CISO’s sole responsibility is to assess risks and to develop, manage, and execute security programs to protect the organisation. That is no longer the case. Survey responses showed that security practices must be in full alignment with business and innovation initiatives. The modern CISO is one who can capably balance strategic business needs with technical practice tactics.

Digital transformation is one factor that has made agility a necessity for CISOs. Connectivity via the internet, while boosting business growth, has also opened the doors for advanced cyber attacks. Cyber security is a top business priority, and it is the CISO who must keep an organisation’s assets safe.

Other key IDC survey insights:

  • Strategic thinking: CISOs are thinking strategically about business goals and security technologies and architectures. Today’s landscape consists of networks, clouds, and assorted endpoints, and providing resilience to sophisticated cyber attacks is an all-consuming strategic process.

  • Expanding CISO role: In addition to being business enablers and guardians, as CISOs mature in their role, they become legal and compliance advisors, risk managers, auditors, customer support leaders, and chief communicators. CISOs are extremely concerned with the inflationary impact on the budget rather than staffing.

  • CISOs and CIOs: The CISO and CIO relationship is much more complex than most believe. Though CISOs and CIOs are aligned to work together, the survey shows they are not always on the same page with IT and security priorities. CISOs and CIOs, for example, have diverging opinions on the role a CISO may play when it comes to business resiliency.

Strategic Thinking
Following is a sample response to a selected survey question:

Strategic Skills Are Most Important for a CISO
Several questions surveyed both CISOs and CIOs on what they believe are the chief CISO roles and responsibilities. In response to “Thinking about strengths and skills that a CISO should possess, which of the following are most important?”

[Figure 1.1]

Expanding CISO Role: Security Executives Are Looking to Drive Business Initiatives
In response to “What is the most important way you see your role evolving over the next 12-24 months?”

[Figure 1.2]

“As a practising CISO from start-ups to enterprise organisations for many years, this survey validates many of my experiences. Being a CISO is an extremely challenging, continuously evolving role. As the security leader, you need to have a broad understanding of the business, technologies, regulatory and legal considerations, and strategic focus while contending with increasingly sophisticated cyber attacks. I believe this survey will inspire my fellow CISOs to know that we share many of the same insights and challenges no matter where they’re located around the world.” – Cindi Carter, Global CISO, Check Point Software Technologies.

CISOs and CIOs Priorities Are Not Aligned
In response to the following: “What are the CISOs’ areas of top priority with IT? What are the CIOs’ areas of top priority in working with cybersecurity?”

[Figure 1.3]

CISOs are most focused on cybersecurity and vulnerabilities. CIOs are focused on seeking faster response times from IT and ensuring business continuity and resilience, minimising disruption, which is not on CISOs’ radar.

“Even though I’ve been an analyst covering the cybersecurity sector, I was surprised by the results, particularly the complex relationship CISOs have within their organisations. The survey insights really confirm and dispel what we believe about the CISO role and how far it has evolved.” – Frank Dickson, Program VP Cybersecurity Products, IDC.

In Summary
“We are extremely proud to have commissioned this important research with IDC,” said Kristin Owens, VP of Corporate Marketing, Check Point. “This landmark survey helps cement what security and IT leaders around the globe believe about their roles, responsibilities, and realities on the job. It confirms that CISOs have evolved from security heads to also being key enablers of business growth initiatives. Whether you’re a CISO, CIO, or other business or technical executive, there are takeaways for everyone.”

CSA Editorial

Launched in Jan 2018 in partnership with Cyber Security Malaysia (an agency under MOSTI), CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, risk professionals and C-levels who have an obligation to understand the impact of cyber threats.
