The good news is more US enterprises are employing a specialized chief information security officer.
The bad news is that CISOs may be hired specifically so there is someone to point a finger at when a breach happens, according to a recent survey.
Cybersecurity firm ThreatTrack Security said it surveyed more than 200 C-level executives at US companies with a CISO.
An overwhelming 74 percent said CISOs do not deserve a seat at a table occupied by other more traditional C-suite executives. However, 44 percent of respondents said CISOs “should be accountable for any organizational data breaches.”
Just 27 percent said their CISO greatly improves day-to-day information security practices.
“Our research suggests CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach, and they are significantly undervalued for the work they do every day to keep corporate data secure,” said Julian Wells Sr, ThreatTrack president and CEO, in a statement.
One might guess that a company looking to hold its CISO accountable for any breach would allow the officer to take part in security strategies and technology purchasing, but fewer than half of the executives surveyed said CISOs should be in on these conversations. More than 60 percent said their CISO would not be successful in a leadership role outside of information security. Nearly 70 percent said CISOs do not have a broader awareness of organizational objectives.
Among those surveyed were chief information officers. ThreatTrack concludes the survey reveals a “turf battle” between the two roles. Fifty-three percent of CIOs say CISOs should be responsible for all data breaches. This was the highest percentage among all the C-level executives surveyed. Nearly equal numbers of CISOs report directly to CIOs and to chief executive officers, according to the survey. CEOs generally have a higher opinion of CISOs. More CEOs than CIOs gave their CISO an A-grade.