Security News

Boards should prioritize conversations around how an organization can modernize their technology infrastructure, leveraging architectures where security is built in, not bolted on, to drive better security, agility, and efficiency. How can boards balance fostering innovation and ensuring that security remains a priority throughout the organization's initiatives?

This year, 20% of CISOs did not receive a raise, double that of a year ago, while the share of CISOs with bigger retention bonuses and equity packages also declined to 12% and to 8%, respectively. "At a macro level, CISOs had a good year as significant compensation increases continued despite a challenging economic environment," stated Nick Kakolowski, Senior Research Director at IANS. "On closer inspection, we're seeing CISOs getting elevated in the business, taking on a larger scope and being exposed to increased liability. Commensurate compensation increases aren't extending into the middle and lower quartiles of the market. We expect CISOs to seek change as a result - something evidenced in 75% of respondents saying they are considering a job change in the next 12 months."

86% of CISOs believe generative AI will alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic, according to Splunk. "The C-Suite and board of directors are increasingly relying on CISOs for guidance across a sophisticated threat landscape and changing market conditions," said Jason Lee, CISO, Splunk.

That's according to the latest results of IANS' survey of 600 US-based CISOs, which also found that most people working in the role are either earning below $400,000 or above $700,000 a year. One in five of all CISOs earn above $700,000 and half of these corporate rockstars are paid more than $1 million a year.

In this Help Net Security interview, Okey Obudulu, CISO at Skillsoft, talks about the increasing complexity of the CISO role and challenges they face. With the increasing complexity of the CISO role, what are the top three challenges you believe they face, and how can they best address these?

Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management, information security resilience, data security, and information security assurance and testing. Of the 150 information security decision makers surveyed, 28% of CISOs agreed that the value of their role was recognised by the board.

Board members have those concerns even though 73% view cybersecurity as a priority, 72% believe their board clearly understands the cyber risks they face, and 70% believe they have adequately invested in cybersecurity. "The newfound alignment between board members and their CISOs on cyber risk and preparedness is a positive sign that the two sides are working closer together and making progress. However, this growing alliance hasn't yet delivered significant changes in cybersecurity posture, despite boards feeling good about the time and resources they're investing to combat this risk," said Ryan Kalember, EVP of cybersecurity strategy at Proofpoint.

This relatively low percentage reflects the current state of the industry, where vCISO services are still an emerging market. The vCISO landscape is expected to change dramatically by the end of 2024.

Meatbag errors are keeping CISOs awake at night, according to Proofpoint's "Cybersecurity: The 2023 Board Perspective" report, with 78 percent tapping it as the most significant risk. Global board members remained jittery - researchers found 73 percent felt at risk of cyber-attack.

The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, Founder of CyAlliance and former CISO at companies like Warner Brothers and Home Depot - shared their perspectives on how to run an effective SOC in 2023.