THE BALBIX BLOG

Musings on predictive cyber risk and resilience.

 

CISOs weigh in on budgets, wish lists, and security as a business priority

Today’s CISOs know that they have a critically important job to do. Demands range from being an enforcer of cybersecurity policy to being an enabler of the business by keeping the organization’s data, infrastructure, and people safe. In worst-case scenarios, the well-being of the entire enterprise is at stake. In short, being a CISO is definitely not for the faint of heart.

Balbix recently published the infographic “Today’s CISO,” combining data points from a number of surveys and credible industry sources to highlight some very interesting findings and insights. We were hoping this would spark a healthy debate among security professionals who struggle with these kinds of issues on a daily basis, and that’s exactly what it’s done. Thanks to Billy Spears, EVP, CISO at LoanDepot, who started the ball rolling by reposting on LinkedIn, over 30 people have already weighed in. Here’s a sampling of what people are saying as they read the infographic and reflect on its relevance to their own situations.

On cybersecurity being a business priority

On the topic of cybersecurity as a business priority, the infographic states, "Cybersecurity is now a high-level business priority and CISOs are growing in stature, with many in C-suite roles." This is backed up with these statistics:

[Image: “Today’s CISO” infographic, business priorities]

Not surprisingly, some readers agree, and some don’t, with others falling somewhere in between:

Shama Hussain, VP Security and Risk Management Transformation

Outside the USA, titles like CISO, Partner, VP of ERM, IT and Cybersecurity have a reporting structure to the CEO and Board. The executive leadership team prefers a security leader w/strategic and business leadership acumen who can understand the challenges of the stakeholders, have empathy and their trust, and be able to effectively communicate the threats to the Board and C-level, in simple, clear, and well-defined language.

Rich Lindberg, vCISO, Sr. Information Security Professional

My observation is that there is a stronger support level from CEOs across my portfolio for cybersecurity investment and direct organizational backing of the CISO than in recent years. New laws and increasing ransomware are some primary drivers [for why] the business leadership seems to be moving that needle.

Earl Duby, VP and CISO

Is the statistic that 67% of CISOs say their companies prioritize cybersecurity over all other business issues really true? I don’t think I know a single CISO that would say that.

Jessica Murdzak, Account Manager

I wonder if the percentages of CISOs reporting to CEOs will shift higher as more businesses learn to make security a business enablement discussion.

On the topic of job stress

100% of respondents to a recent survey say they find their role stressful, and 91% admit that they suffer moderate to high stress. 88% work more than a 40-hour week, and 60% are rarely able to disconnect. Interestingly, no one has commented on this finding so far. Although it’s very real and readily shared among the ranks, it might not be something that CISOs and CIOs want to discuss in a public forum.

On the topic of CISO budgets and wish lists

CISO budgets and wish lists also got the community talking, with some serious comments as well as some much-needed levity.

Bob Schlotfelt, Executive Consultant/Cyber Security

This is very good, and something to study. The cybersecurity program is only as good as the people and the leadership behind it – plus the budget!!

Shama Hussain, VP Security and Risk Management Transformation

The CISO is extremely instrumental in securing funding for cyber investments. In addition, the CISO also works very closely with the compliance leadership and regulators to ensure that not only cyber threat gaps are addressed but everything to do with security compliance is also addressed.

Jesse L., Security Engineer

17% of CISOs think they are adequately funded? Can I get a list of them, so I’ll know where I want to work?

[Image: “Today’s CISO” infographic, wish list]

Final thoughts

We invite you to download the “Today’s CISO” infographic and jump into this discussion. As Rich Lindberg stated so eloquently: “Thank you for the conversation starter, Billy. Everyone pulling together and exchanging experiences is how we collectively grow stronger, invariably benefiting our respective organizations and then perhaps the economy at large.”

At Balbix, we couldn’t agree more!
