In the past, CISOs used to only focus on the technical side of cybersecurity for the organization. Those days are long gone. Heading into 2020, the CISO is stepping out of the server room and into the boardroom as an agile leader and communicator who combines IT expertise with business acumen.
While that’s exciting, it’s also difficult. The scope of the CISO role is constantly changing. Cybersecurity incidents are increasing—from both outside forces and malicious insiders—and so are regulatory requirements. Plus, CISOs need to be able to clearly communicate complex technical issues to boards who don’t speak tech.
With so many competing and evolving priorities, it’s sad (but not surprising) to learn that a quarter of CISOs worldwide suffer from stress-related physical or mental health issues. And, more than half of those fail to “switch off” when they go home, according to a Nominet study.
We look at six common challenges that could be contributing to a CISO’s stress level.
"Boards and CISOs speak different languages. A CISO may struggle while trying to articulate risk in terms that will be meaningful to board members."
6 top struggles for CISOs
As the CISO tries to protect the organization from cybersecurity risks and secure a seat at the table, they face:
1. Difficulties hiring and retaining cybersecurity talentBecause the demand for IT security professionals has surpassed supply, positions can be hard to fill. Gartner predicts that the number of unfilled cybersecurity roles globally is expected to reach 1.5 million by the end of 2020. Without a solid support team, the CISO can be distracted or pulled away from critical issues and lack the resources to properly manage cyber risks.
2. Lightning-fast changeOrganizations hurry to stay one step ahead of the competition, better serve customers, and utilize new technologies—especially cloud-based ones. This, coupled with the pace of mergers and acquisitions, has created a virtually borderless world of data fraught with cybersecurity and third-party risks.
3. Data from many sourcesCISOs generally have two sets of dashboards: one for internal stakeholders and one for external stakeholders. Both should be based on the same underlying data, but this isn’t always the case. From spreadsheets to BI tools, CISOs can have data streaming in from many different sources, making it hard to consolidate information and present meaningful dashboards to the C-suite.
4. Uncertainty over which metrics to presentThere’s no shortage of metrics available to security professionals, and it’s easy to get into the weeds when reporting and sharing data. If CISOs aren’t focused on the right metrics and using data consistently to drive decisions, they can’t confidently back up their recommendations to the board. We dive deeper into how to present the right metrics in our eBook, CISOs in the boardroom.
5. Budget constraintsIBM puts the average cost of a data breach at $3.92 million. But ironically, cybersecurity budgets haven’t typically been a high priority spend for organizations. While cybersecurity risks are now at the top of the agenda, CISOs still have difficulties securing larger budgets, often because they can’t guarantee a clear return on investment. Smaller organizations and local governments generally lack the budgets to properly mitigate threats.
6. Communication challengesBoards and CISOs speak different languages. The board doesn’t care about technical details, while the CISO is immersed in them. A CISO may struggle while trying to articulate risk in terms that will be meaningful to board members.
Solutions for CISOs
We don’t want to paint the next decade as all doom and gloom for CISOs—because it’s not. There are plenty of opportunities to meet these challenges head-on—not only to protect, but also to grow your organization. By choosing the right metrics to present, technology that can properly process data and create storyboards, and a solid risk management framework, you can implement a sustainable cybersecurity risk management program and demonstrate ongoing value to the board.
CISOs in the boardroom
In this eBook, you’ll discover:
- The top six challenges facing CISOs today.
- What’s defining our current cyber-risk landscape.
- Strategies to win more budget and capacity for your cybersecurity function.
- Common questions to anticipate from the board (and how to respond to them).