Traditionally, CISOs’ roles were treated as technical roles first, with secondary importance placed on non-technical skills. However, a series of in-depth interviews conducted for the report with CISOs in the US, UK, and other European countries suggests that this idea is quickly becoming obsolete.
“For companies, the technical aspects related to cyber security risks have become indistinguishable from other business risks. It just doesn’t make sense to treat attacks as only an IT or cyber security problem if they can potentially cost companies thousands or hundreds of thousands of dollars due to downtime, extortion payoffs, stolen intellectual property, etc.,” said The AES Corporation’s CISO Emeritus Scott Goodhart, who was interviewed for the report. “In a way, technical-only CISOs have become a thing of the past and replaced by a role that’s explicitly relied on to address risk in a much broader, holistic way for organizations.”
Two-thirds of CISOs interviewed understood the increasingly important role emotional intelligence plays in helping them understand, empathize, and negotiate with people inside and outside their organization – a key requirement given their expanding responsibilities.
And three-quarters of CISOs interviewed for the report indicated that their roles have changed from a pure focus on network risk to covering every aspect of technology now being deployed, with the changes most pronounced for CISOs working in healthcare, manufacturing, and retail.
“Today, CISOs are expected to understand and mitigate a wide variety of risks, and then relay that information – regardless of how technical it is – to everyone, from boards and company employees to external security professionals, regulators, and even law enforcement,” said F-Secure’s Tim Orchard, Executive Vice President, Managed Detection and Response. “The shift to relying more on ‘soft’ skills began years ago. However, the pandemic highlighted how CISOs that proactively work with people inside and outside their organizations can be leaders for their companies.”
Additional insights in the report include:
· Most CISOs felt secure in their position at the time they were interviewed; slightly more than a third were considering leaving their position or changing professions
· Two-thirds of interviewed CISOs spent significant amounts of time with external communities of interest, such as CISO roundtable discussions
· Regulations and privacy were increasing responsibilities for over half of interviewed CISOs
· 65% of interviewed CISOs saw themselves as critical to their business