Dive Brief:
- Leaders in cybersecurity are more disciplined about implementing strategy on a regular basis, whereas non-leaders are more likely to update their cybersecurity strategy "intermittently," according to a survey of 200 CEOs and CISOs from The Wall Street Journal Intelligence and Forcepoint.
- About two-thirds of executives are considered "non-leaders," whereas the remaining executives scored "the highest possible rating for digital maturity, cybersecurity effectiveness, and cybersecurity talent and acquisition," according to the survey. The majority of leaders, 82%, have boards of directors who are "fully engaged" with security strategy, compared to only 39% of non-leaders.
- Most leaders, 70%, are more concerned with increasing agility than reducing costs, compared to 57% of non-leaders. Nearly two-thirds of leaders value protecting consumer data over organizational intellectual property, compared to 56% of non-leaders.
Dive Insight:
When CISOs have the backing of their non-technical C-suite counterparts, they will likely hit their goals. But not all organizations are created equal.
Boards recognize they lack the necessary information to make governance decisions without disturbing innovation. The democratization of security is disrupting how businesses operate across departments, and that turmoil requires better communication.
As more boards acknowledge cyber-related risks pose a "fundamental hazard" to business continuity, CISOs will receive more attention. The CISO, in turn, needs to know how to effectively engage with their boards — heat maps aren't going to cut it anymore in risk assessment presentations.
Heat maps don't give boards enough indication of where risk exists, and therefore cannot quantify a risk, let alone determine an action to address it.
Technical leaders are often asked to speak to their non-technical counterparts without technology jargon. CISOs can be more precise in their risk assessments by answering several staple questions:
- What is being defended: Is it the business or a business component?
- Who is authorized to take the risk? Do they also know how to mitigate it in case of an incident?
- What has the security organization done to ensure the business is defended? Where are the weak spots?
- What tools are required?
The WSJ Intelligence and Forcepoint survey found CISOs believe in the effectiveness of their digital and security maturity more than their CEOs do. CEOs and CISOs largely agreed they have "very effective" cybersecurity measures, which is an indicator of their confidence. The executives recognize that threats exist and address them accordingly.
As leaders report they are "close" to an ideal cybersecurity stance, the scale of cyberattacks is only increasing, forcing cyber strategies to evolve daily.