The vast majority (89%) of Chief Information Security Officers (CISOs) are regularly summoned by the board of directors to provide recommendations for the business. This is a key finding from the latest global survey of information security heads commissioned by Kaspersky. The study also revealed that a ‘direct line’ to top bosses does not necessarily result in dedicated investments in security. In fact, 54% of respondents admit having to share their organisation’s IT budget.

In Q3 of 2019, 451 Research conducted an independent study, commissioned by Kaspersky, to explore the various factors shaping information security from the perspectives of enterprise security leaders. The study surveyed 305 respondents who have senior or executive responsibility for cybersecurity in enterprises worldwide, with the findings revealing how the nature of cybersecurity and security leadership has evolved.

According to the study, top management seeks advice from IT security leaders regardless of the organisation’s reporting structure, with only 23% reporting to the board. Business leaders need input from their CISO most often when an internal cybersecurity incident happens, as recognized by 60% of respondents. However, it’s not all about breaches: executives also seem to be proactive and mindful about how to protect the company now and in the future. More than half (57%) of the surveyed IT security chiefs schedule meetings with the board on a regular basis, and 56% are requested to provide their expert opinions on future IT projects.

However, despite being visible and valuable to the board, CISOs still face difficulties when it comes to justifying necessary spending on IT security. Having to draw their expenses from the broader IT budget, 43% of those surveyed feel that they are in direct competition with other business and IT initiatives, making it one of the top three challenges they face in making the case for essential information security investment.

“As the study shows, boards of directors now understand that cybersecurity is an important part of business success. Nevertheless, there’s still a challenge for CISOs to be able to convert this understanding into actual support. Speaking business language instead of using technical jargon, focusing on how to solve problems and bringing in third-party expertise to justify meaningful measures are all key components to win over directors,” comments Veniamin Levtsov, VP of Corporate Business at Kaspersky.

To help CISOs communicate effectively with their board of directors, Kaspersky recommends:

  • Shifting from ad hoc communications to regular sync-ups with the business leadership team. It will help to keep the board updated on the company's security measures and remain aware of strategic priorities.
  • Speaking in a language that top management understands. Executives rarely have a security or technical background, so try to avoid IT jargon and refer instead to specific business benefits and opportunities when speaking about security measures.
  • Making sure board members receive security training. This will not only help towards building a corporate-wide cybersecurity culture, but will also highlight the practical value and impact of effective cybersecurity measures.

To find out more about the changing role of the CISO in 2019, read the full report available at the following link.

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com 

For further information please contact:
Sweta Fernandes, Account Executive
Mobile:  +971 56 2467612, Golin, KasperskyTeam@golin.ae 

© Press Release 2020
