Trust gaps between CISOs and C-Suites

FTI Consulting, has released a study from its Strategic Communications segment that reveals the communications challenges that persist at the top levels of organisations in relation to cybersecurity.

  • Thursday, 28th March 2024 Posted 7 months ago in by Phil Alsop

Despite the increasing prominence of cybersecurity risk among organisations’ priorities, many senior leaders believe their cybersecurity chiefs are failing to accurately articulate levels of risk, indicating a lack of trust between executives and security teams that could ultimately leave organisations vulnerable to attack.

In the study, CISO Redefined: Navigating C-Suite Perceptions & Expectations CISO, 93% of UK [and Irish] leaders surveyed see cybersecurity as a top priority for their organisation driven by concerns over potential revenue loss, regulatory compliance, and loss of customer trust, with over 80% of organisations seeing increased demands to demonstrate cyber readiness and preparedness. In light of this, the vast majority (81%) of UK organisations are increasing the decision-making powers of their Chief Information Security Officer (“CISO”). However, there is evidence of a disconnect between senior leaders and security teams around cybersecurity risk, with the perception among one in three executives that the CISO is making things sound better than they are.

“As organisations navigate a regulatory and business environment that is pushing for greater board and leadership oversight of cybersecurity, robust engagement between senior leaders and CISOs will be essential to satisfy stakeholders that cybersecurity risk is being addressed at the top level of the organisation,” said Kate Brader, Head of Crisis in the Strategic Communications segment at FTI Consulting. “Regular cybersecurity briefings, clear roles and procedures around incident response, together with robust testing of response plans can all help to build trust and confidence across the C-suite and cybersecurity teams.”

The study’s findings highlight the challenges organisations face, as various frameworks seek to standardise management of cybersecurity risk. The UK’s draft cybersecurity governance code signals the top-down approach to cybersecurity that the government wants to see, while the US National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework was recently updated to include a governance function, which stipulates how cybersecurity should be integrated into an organisation’s broader risk management strategy. Organisational alignment on cybersecurity risk is becoming an imperative and will therefore require strong engagement between the CISO and senior leadership teams.

“Our study highlights the ongoing challenges for CISOs as they evolve from technical gatekeeper to holding greater responsibility for overall organisational risk and resilience,” said Orla Cox, Head of Cybersecurity Communications for EMEA in the Strategic Communications segment at FTI Consulting. “This wider remit means that an effective CISO must build trust across business leaders, senior leaders and the board, and prioritise refining their communication skills as much as their technical skills.”

Additional key findings from the survey include:

The vast majority of leaders believe that their CISOs require communications training, with more than half (53%) flagging this as an immediate priority.

Pressure on CISOs to demonstrate a return on investment is likely to increase with more than 86% of organisations having increased their cybersecurity budget in the past 12 months.

In contrast to the rest of the world, UK leaders were revealed as feeling the greatest pressure on cybersecurity from regulators, followed by customers and then investors.

AI innovation is powers Net Zero transition

Posted 9 hours ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.
Only 30% of MSPs effectively use project management tools while a staggering 50% of executives say PM challenges are impacting profitability.
Findings from the SolarWinds 2024 State of ITSM Report showcase several more effective methods for up-levelling ITSM.

AI viewed as catalyst for career growth

Posted 4 days ago by Phil Alsop
Cybersecurity job satisfaction declines amid tightening job market, ongoing staffing and skills shortages, and challenging threat environment.
The 2024 State of Data Intelligence Report finds companies struggling with AI governance more than all other aspects of data intelligence.
Technology channel services company launches second ESG Unwrapped report with experts who state channel players can boost profits, productivity, and...
Over a quarter (26%) have already turned to outsourcing as a solution.
47% of MSPs are drowning in large volumes of security data and 42% are challenged by implementing advanced threat detection technologies as they...