The 21st Century CISO Has Evolved: More Power Now Means More Responsibility

CISOs now have a seat at the boardroom table. With that comes myriad new responsibilities and new challenges. CISOs who have made the journey from technician to full-fledged executive share their advice.

Samara Lynn
clock • 3 min read
The 21st Century CISO Has Evolved: More Power Now Means More Responsibility

The role of the CISO has evolved from one as tactical IT professional, tasked with putting out cybersecurity fires, to that of a top-level executive pressing shoulders in the boardroom with others in the C-suite. CISOs are becoming more involved in crucial day-to-day business decisions.

Why is this? According to IDC's recent study, "The Changing Role Of The CISO," CISOs have become critical to an organization's success and profitability.

And as they say in the comic books, with great power comes great responsibility. CISOs are now asked to do more while also serving as sentries against cyberattacks.

Yet, CISOs still face challenges in getting equal treatment at the C-suite level. According to IDC's study, one of the biggest hurdles is that CIOs expect more in a CISO skill set. No longer is it sufficient for a CISO to know how to defend, detect and respond to cyberattacks -- they now need hardcore business acumen.

CISOs' New Responsibilities

"The CISO now has a bunch of different responsibilities, for one, compliance, they are responsible for working on the line of business [and] the CISO will also support the board of directors," said Frank Dickson, program vice president, cybersecurity products at IDC, at a session at Check Point's recently held CPX 2024 conference.

IDC's study also highlighted additional skills the successful CISO must acquire including customer support, a grasp of business strategy and architecture, leadership, risk management and compliance.

Several CISOs agreed.

"You shouldn't be a CISO if you aren't expected that going forward in the future, you are going to need to be engaged and actively interacting with customers," Dan Creed, Allegiant Air's CISO said at a roundtable discussion at CPX.

CISOs have "all had to develop that skill set so that we can make cybersecurity a business conversation and not just a technical conversation," Cindy Carter, Check Point Software Field CISO, said.

More Power, More Potential Problems 

IDC's study also cited conflict with CIOs as another challenge for CISOs.

"CIOs are irritating the CISO, the CISO is irritating the CIO," Dickson said.

The goals of the CIO and the CISO are not always aligned and can cause tension between the two, according to IDC's study, which surveyed 847 IT decision-makers at the director level and above in 17 countries. Top sources of friction:

For CIOs:

  • 21 percent said that security activities frequently cause disruptions, impacting IT operation
  • 16 percent said security is challenged in integrating technology requirements to broader enterprise applications
  • 10 percent said security makes too many unilateral technology choices

For CISOs:

  • 20 percent said IT activities are frequently causing disruptions, impacting security operations
  • 20 percent said IT is challenged in adhering to security's standards for its implementations
  • 13 percent said IT makes too many unilateral technology choices

With burgeoning responsibilities, CISOs report another concern: liability. As they become a more integral part of the C-suite, some say they are held just as accountable for business mishaps as other executives.

"We now have as much risk from a liability standpoint as the CEO, the CFO do," Creed said. "The only big downside to that is we have the same accountability as them now," he added.

Still, during the discussion many of the CISOs said they embraced their heightened presence in the C-suite and that it helps them make their case for the security programs they need to implement.

"Our chairman of the board called me twice a couple of days ago just to chat," Creed said. The interaction establishes a relationship with the board, he said.

"You have to have that conversation with the board of, look, the reason you need to include me in board-level discussions around what our strategy is, is [that] every strategy, every business transformation that we have, has some kind of risk of IT security or risk people … Cybersecurity is business risk," he added.

For Carter, cybersecurity, "is no longer the redheaded stepchild of IT.  We're also getting our own voice. I'm very optimistic about that."



You may also like
Recruiting Neurodiverse Talent Isn't As Difficult As You Think


And it will help you retain skilled and experienced employees of all kinds

clock 05-21-2024 • 7 min read
'A Generation Of Entitlement': Against Big Tech In The Fight For Talent


Mid-size firms can't compete with Big Tech on salary. But there are other ways to attract - and keep - staff if you understand their motivations.

clock 05-01-2024 • 4 min read
Effective Management Means Thinking Like A Marketer


Good leaders are effective managers, but great leaders know how to manage up as well as down

clock 04-29-2024 • 3 min read

More on Security

How Semperis Is Helping Detect 'Low And Slow' Cyberattacks And Why It's Targeting The Midmarket

How Semperis Is Helping Detect 'Low And Slow' Cyberattacks And Why It's Targeting The Midmarket

Semperis' VP of products, Darren Mar-Elia, breaks down how ML helps with identity-based security and why the new offering is a fit for midmarket organizations' cyber resilience strategies

Samara Lynn
clock 05-23-2024 • 7 min read
Microsoft Build 2024: CEO Nadella Declares 'A Golden Age Of Systems'

Microsoft Build 2024: CEO Nadella Declares 'A Golden Age Of Systems'

'I still remember distinctly the first time Win32 was discussed … .Net, Azure. These are moments that I’ve marked my life with. And it just feels like we’re, yet again, at a moment like that,' Microsoft CEO Satya Nadella said in his keynote at Build 2024....

Wade Tyler Millward
clock 05-22-2024 • 9 min read
Strata Announces 'Always-On' Identity Continuity

Strata Announces 'Always-On' Identity Continuity

Identity access and management continues to evolve

Samara Lynn
clock 05-21-2024 • 2 min read