IT Security

CISO findings

by Mark Rowe

Most Chief Information Security Officers (CISOs), 89 per cent, are regularly summoned by the board of directors to provide recommendations for the business. That’s according to a global survey of information security heads commissioned by the cyber product company Kaspersky. That ‘direct line’ to the top, however, does not necessarily result in dedicated investments in security. In fact, a good half of respondents, 54pc, admit having to share their organisation’s IT budget.

In the third quarter of 2019, 451 Research conducted a study, for Kaspersky, into the factors shaping information security from the perspectives of enterprise security leaders. The study surveyed 305 respondents with senior or executive responsibility for cybersecurity in enterprises worldwide.

According to the study, top management seek advice from IT security leaders regardless of the organisation’s reporting structure, with only 23pc reporting to the board. Business leaders need input from their CISO most often when an internal cybersecurity incident happens – as recognised by 60pc of respondents. However, it’s not all about breaches — executives also seem to be proactive and mindful about how to protect the company now and in the future. More than half (57pc) of the surveyed IT security chiefs schedule meetings with the board on a regular basis, and 56pc are requested to provide their expert opinions on future IT projects.

However, despite being visible and valuable to the board, CISOs still face difficulties when justifying necessary spending on IT security. Having to siphon their expenses from the broader IT budget, 43pc of those surveyed feel that they are in direct competition with other business and IT initiatives, making it one of the top three challenges they face in order to make the case for essential information security investment.

For the full report visit the Kaspersky blog.

Veniamin Levtsov, VP of Corporate Business at Kaspersky, says: “As the study shows, boards of directors now understand that cybersecurity is an important part of business success. Nevertheless, there’s still a challenge for CISOs to be able to convert this understanding into actual support. Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors.”


© 2024 Professional Security Magazine. All rights reserved.
