Trust gaps between CISOs and C-Suites

FTI Consulting, has released a study from its Strategic Communications segment that reveals the communications challenges that persist at the top levels of organisations in relation to cybersecurity.

  • Thursday, 28th March 2024 Posted 7 months ago in by Phil Alsop

Despite the increasing prominence of cybersecurity risk among organisations’ priorities, many senior leaders believe their cybersecurity chiefs are failing to accurately articulate levels of risk, indicating a lack of trust between executives and security teams that could ultimately leave organisations vulnerable to attack.

In the study, CISO Redefined: Navigating C-Suite Perceptions & Expectations CISO, 93% of UK [and Irish] leaders surveyed see cybersecurity as a top priority for their organisation driven by concerns over potential revenue loss, regulatory compliance, and loss of customer trust, with over 80% of organisations seeing increased demands to demonstrate cyber readiness and preparedness. In light of this, the vast majority (81%) of UK organisations are increasing the decision-making powers of their Chief Information Security Officer (“CISO”). However, there is evidence of a disconnect between senior leaders and security teams around cybersecurity risk, with the perception among one in three executives that the CISO is making things sound better than they are.

“As organisations navigate a regulatory and business environment that is pushing for greater board and leadership oversight of cybersecurity, robust engagement between senior leaders and CISOs will be essential to satisfy stakeholders that cybersecurity risk is being addressed at the top level of the organisation,” said Kate Brader, Head of Crisis in the Strategic Communications segment at FTI Consulting. “Regular cybersecurity briefings, clear roles and procedures around incident response, together with robust testing of response plans can all help to build trust and confidence across the C-suite and cybersecurity teams.”

The study’s findings highlight the challenges organisations face, as various frameworks seek to standardise management of cybersecurity risk. The UK’s draft cybersecurity governance code signals the top-down approach to cybersecurity that the government wants to see, while the US National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework was recently updated to include a governance function, which stipulates how cybersecurity should be integrated into an organisation’s broader risk management strategy. Organisational alignment on cybersecurity risk is becoming an imperative and will therefore require strong engagement between the CISO and senior leadership teams.

“Our study highlights the ongoing challenges for CISOs as they evolve from technical gatekeeper to holding greater responsibility for overall organisational risk and resilience,” said Orla Cox, Head of Cybersecurity Communications for EMEA in the Strategic Communications segment at FTI Consulting. “This wider remit means that an effective CISO must build trust across business leaders, senior leaders and the board, and prioritise refining their communication skills as much as their technical skills.”

Additional key findings from the survey include:

The vast majority of leaders believe that their CISOs require communications training, with more than half (53%) flagging this as an immediate priority.

Pressure on CISOs to demonstrate a return on investment is likely to increase with more than 86% of organisations having increased their cybersecurity budget in the past 12 months.

In contrast to the rest of the world, UK leaders were revealed as feeling the greatest pressure on cybersecurity from regulators, followed by customers and then investors.

The promise of AI is on every biopharma’s radar, but the reality today is that much of the industry is grappling with how to convert the hype into...
IT teams urged to resolve ‘data delays’ as UK executives struggle to access and use relevant business data.

‘Playtime is over’ for GenAI

Posted 5 days ago by Phil Alsop
NTT DATA research shows organizations shifting from experiments to investments that drive performance.

GenAI not production-ready?

Posted 5 days ago by Phil Alsop
Architectural challenges are holding UK organisations back - with just 24% citing having sufficient governance to implement GenAI.

AI tops decision-makers' priorities

Posted 5 days ago by Phil Alsop
Skillsoft has released its 2024 IT Skills and Salary Report. Based on insights from more than 5,100 global IT decision-makers and professionals, the...

The state of cloud ransomware in 2024

Posted 5 days ago by Phil Alsop
Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security realm.
Talent and training partner, mthree, which supports major global tech, banking, and business clients to build job-ready teams, has revealed the...

AI innovation is powering the Net Zero transition

Posted 5 days ago by Phil Alsop
Whilst overall AI patent filings have slowed, green AI patent publications grew 35% in 2023.