Why aren't CISOs being elevated to a true C-suite position at the majority of public companies today? What specific challenges exist that are preventing this action from occurring?
C-Suite in Healthcare and Biotech, a year ago
There are also a finite number of executive positions available. Those positions generally need board approval and whatnot, so it's HARD to create a new executive seat. And, like everyone else is saying, people don't treat it seriously enough.
Vice President, Infrastructure Architect in Finance (non-banking), a year ago
In our industry, this is really a subcomponent of Risk: Financial Risk, Reputation Risk, InfoSec Risk. As such we have a Chief Risk Officer as opposed to a CISO.
From a purely business perspective, I don't think everyone with a 'C' in their title needs to report to the CEO. The CEO having 20 direct reports doesn't sound like a great organizational model to me.
Information Security Manager in Software, a year ago
There are many reasons for this:
1. Traditional Organizational Structure.
2. Limited Awareness: Businesses still do not fully understand the critical role that cybersecurity plays in modern business.
3. Reporting Structure: When information delegation is not as it should be.
Information Security VP, Information Technology in Retail, a year ago
Typically it comes down to the perception of security at the company level (or Board level to be more precise) and communication. We've traditionally spoken to our collective Boards in the language of security, and we have to speak to them about security using the language of business. While many CISOs are making progress doing this, until we hit a tipping point as an industry, this role won't be seen as a 'C' level position at most companies.
* Business priority on security.
* Lack of understanding of security by C-suite and CISO not being able to communicate clearly with C-suite.
* No clear division between CIO and CISO.