The rise of the CISO: The escalation in cyberattacks makes this role increasingly important
As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.
The CISO role has taken on greater prominence at a time when cyberattacks have become relentless and increasingly sophisticated, and millions of people continue to work from home. Couple that with a number of high-profile cyberattacks and greater regulatory scrutiny, and CISOs are in high demand; companies are willing to pay a premium to recruit and retain them.
“The chief information security officer (CISO) has become a position of critical importance to companies large and small, in technology and in nearly every other industry,” according to a 2021 survey by recruitment firm Heidrick & Struggles. The survey of 354 CISOs also revealed that U.S. CISOs earned a median salary of $509,000 in 2021, compared with $473,000 in 2020.
CISOs who used to “focus on network security, firewalls, security policies and governance now also find themselves tasked with securing connected devices, devising identity and access management systems, implementing artificial intelligence and machine learning, as well as risk management, privacy, investigations and physical security, among other issues,” the Heidrick & Struggles survey said. “And they are doing so while managing ever-larger teams.”
Eighty-eight percent of boards of directors now view cybersecurity as a business risk, as opposed to a technology risk, according to a recent survey from Gartner.
There’s never been a better time to be a CISO.
“CISOs are certainly getting more visibility at an executive and board level and are more closely involved in product and strategy discussions,” said Andre Durand, CEO of cloud identity security software provider Ping. “As cybercrime continues to increase and companies face monetary losses or damages, the role of the CISO and security overall are critical to business success.”
Whereas CISOs often reported to an organization’s CIO, that is changing as the role has become more strategic and less about IT function. Sixty-one percent of the CISOs surveyed by Heidrick & Struggles report to someone other than the CIO.
In more regulated industries such as healthcare, the CISO may report to whoever handles risk and audit, while those who work in SaaS/cloud/tech companies tend to find themselves under engineering leadership/CTO or the COO, according to the Heidrick & Struggles survey.