Why aren't CISOs being elevated to a true C-suite position at the majority of public companies today? What specific challenges exist that are preventing this action from occurring?

5k views, 1 Upvote, 8 Comments
Principal Consultant in IT Services, a year ago
Some potential reasons:

* Business priority on security.
* Lack of understanding of security by C-suite and CISO not being able to communicate clearly with C-suite.
* No clear division between CIO and CISO.
C-Suite in Healthcare and Biotech, a year ago
There are also a finite number of executive positions available.  Those positions generally need board approval and whatnot, so it's HARD to create a new executive seat.  And, like everyone else is saying, people don't treat it seriously enough.
Vice President, Infrastructure Architect in Finance (non-banking), a year ago
In our industry, this is really a subcomponent of Risk: Financial Risk, Reputation Risk, InfoSec Risk.  As such, we have a Chief Risk Officer as opposed to a CISO.

From a purely business perspective, I don't think everyone with a 'C' in their title needs to report to the CEO.  The CEO having 20 direct reports doesn't sound like a great organizational model to me.
Information Security Manager in Software, a year ago
There are many reasons for this:

1. Traditional Organizational Structure.

2. Limited Awareness: Businesses still do not fully understand the critical role that cybersecurity plays in modern business.

3. Reporting Structure: When information delegation is not as it should be.
Information Security VP, Information Technology in Retail, a year ago
Typically it comes down to the perception of security at the company level (or Board level to be more precise) and communication.  We've traditionally spoken to our collective Boards in the language of security, and we have to speak to them about security using the language of business.  While many CISOs are making progress doing this, until we hit a tipping point as an industry this role won't be seen as a 'C' level position at most companies.
