New research details risk to the CISO role’s longevity amidst a lack of clarity, alignment, and support on expanding responsibilities
SAN JOSE, Calif.–(BUSINESS WIRE)–Trellix, the company delivering cybersecurity’s broadest GenAI-powered platform, today announced a new report, Mind of the CISO: CISO Crossroads, which found most CISOs (84%) believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience amid an ever-expanding threat landscape.
The research reveals insights from over 500 CISOs worldwide on cybersecurity regulation, the CISO role, and their interactions and challenges when reporting to their organization’s board. Insights shed light on the latest changes, responsibilities, and requirements for CISOs, the impacts of navigating them, and recommendations for organizations and policymakers to protect the future of this role.
“We’ve entered the CISO duality era,” said Harold Rivas, CISO, Trellix. “CISOs need both a technical and business-focused lens – and we need to be strategic communicators. The role is no longer only about maintaining cyber hygiene. It’s managing risk, staying on top of and ahead of regulations and compliance, and aligning with leadership and the board, all while defending against advanced threats. CISOs are the conduit between key stakeholders, business objectives, and cyber resilience.”
Proactively maintaining a cybersecurity posture, prioritizing ransomware prevention and mitigation, defending against state-sponsored attacks, and responding to global IT incidents are all top priorities for CISOs this year. On top of this, CISOs must also navigate complex regulatory requirements and increased stakeholder interest and expectations with limited resources. The impact of these growing responsibilities is being felt by all:
- Regulation Overload: 93% of CISOs agree cybersecurity regulation has helped their career as a CISO – such as having greater influence in strategic decisions or elevation to board-level discussions, but the majority (79%) believe the time and effort it takes to keep pace with regulatory change is not sustainable.
- The Boardroom Battle: Reporting to the board is a skill CISOs need to hone, as nearly half (49%) report to the board on a weekly (or more frequent) basis, adding to their overburdened workload. Many still struggle with board and C-level understanding and alignment, with 66% saying the board lacks the technical knowledge or expertise to fully comprehend cybersecurity issues and 59% of CISOs saying their views don’t align with their CIO or CEO.
- CISO Role at Risk: As a result, 91% of CISOs agree these expanding responsibilities will lead to higher turnover in the role, and 49% do not see a future as a CISO. To better manage these growing responsibilities, 84% of CISOs believe the role should be split into technical (CISO) and business-focused (BISO) roles.
To ensure the future of this role, CISOs need additional support from regulators, their organizations, and their peers. 87% of CISOs agree discussing cybersecurity regulation with peers is more valuable than doing their own research.
“An element to success for CISOs is a strong collaborative community,” said Jim Jenkins, Vice President and Information Security Officer at Vantage West Credit Union, Trellix CISO Council member. “It’s a demanding, multi-faceted role when resources and support are in short supply. Learning from peers and sharing information broadly enables CISOs to be more efficient and refocus efforts on strategic initiatives.”
Clarity on role responsibilities and expectations, with clear guidance and support from leadership and regulators, as well as a collaborative peer community, are vital to ensuring the future success of the CISO role.
Learn more about Mind of the CISO: CISO Crossroads here.
Trellix’s Mind of the CISO initiative brings global attention to the needs of the CISO community, driving cybersecurity and AI best practices. Trellix continuously looks to support the global CISO community by engaging, listening, and advocating.
Additional Resources:
- Trellix: The Official Sponsor of the CISO
- Mind of the CISO: Understanding the CISO’s Struggle
- Mind of the CISO: Behind the Breach
- Mind of the CISO: Decoding the GenAI Impact
Methodology
Trellix commissioned independent market research agency Vanson Bourne to conduct a research survey of over 500 CISOs across America, Europe, the Middle East, and the Asia Pacific region to understand their views on cybersecurity regulation, the CISO role, and their interactions and challenges when reporting to their organization’s board. Respondents work across various industries, including finance, public sector, healthcare (public and private), manufacturing, energy, oil, gas, and utilities.
About Trellix
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s comprehensive, open and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.
Follow Trellix on LinkedIn and X.
Contacts
Megan Haley
[email protected]