Should the CISOs role be split into two functions?
84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix.
Regulatory demands pose a growing challenge for CISOs
The research reveals insights from over 500 CISOs worldwide on cybersecurity regulation, the CISO role, and their interactions and challenges when reporting to their organization’s board.
“We’ve entered the CISO duality era,” said Harold Rivas, CISO, Trellix. “CISOs need both a technical and business-focused lens – and we need to be strategic communicators. The role is no longer only about maintaining cyber hygiene. It’s managing risk, staying on top of and ahead of regulations and compliance, and aligning with leadership and the board, all while defending against advanced threats. CISOs are the conduit between key stakeholders, business objectives, and cyber resilience.”
Proactively maintaining a cybersecurity posture, prioritizing ransomware prevention and mitigation, defending against state-sponsored attacks, and responding to global IT incidents are all top priorities for CISOs this year. On top of this, CISOs must also navigate complex regulatory requirements and increased stakeholder interest and expectations with limited resources. The impact of these growing responsibilities is being felt by all.
93% of CISOs agree cybersecurity regulation has helped their career as a CISO – such as having greater influence in strategic decisions or elevation to board-level discussions, but 79% believe the time and effort it takes to keep pace with regulatory change is not sustainable.
CISOs must enhance reporting skills
Reporting to the board is a skill CISOs need to hone, 49% report to the board on a weekly (or more frequent) basis, adding to their overburdened workload. Many still struggle with board and C-level understanding and alignment, with 66% saying the board lacks the technical knowledge or expertise to fully comprehend cybersecurity issues and 59% of CISOs saying their views don’t align with their CIO or CEO.
As a result, 91% of CISOs agree these expanding responsibilities will lead to higher turnover in the role, and 49% do not see a future as a CISO. To better manage these growing responsibilities, 84% of CISOs believe the role should be split into technical (CISO) and business-focused (BISO) roles.
To ensure the future of this role, CISOs need additional support from regulators, their organizations, and their peers. 87% of CISOs agree discussing cybersecurity regulation with peers is more valuable than doing their own research.
“An element to success for CISOs is a strong collaborative community,” said Jim Jenkins, VP and Information Security Officer at Vantage West Credit Union, Trellix CISO Council member. “It’s a demanding role when resources and support are in short supply. Learning from peers and sharing information broadly enables CISOs to be more efficient and refocus efforts on strategic initiatives.”
Clarity on role responsibilities and expectations, with clear guidance and support from leadership and regulators, as well as a collaborative peer community, are vital to ensuring the future success of the CISO role.