Pressure on CISOs increases amid few resources, Deloitte says

Chief information security officers (CISOs) face new pressures every day to safeguard data and critical assets against increasing cyber threats as well as new regulatory scrutiny, according to a new report from Deloitte.

As their job requirements multiple, CISOs find that resources and funding to address security problem do not always materialize, Deloitte research indicates. In addition, the firm found that ineffective communication and reporting can stymie proper information security efforts, as can lack of support from other executives.

“A successful CISO determines early how to balance priorities and challenges,” explained Deloitte. The report outlined the four key roles of the CISO – strategist, advisor, guardian, and technologist. Too much time spent on acting the part of technologist and guardian leave little opportunity to make strategic headway or counsel the rest of the organization on security.

Findings from Deloitte’s CISO Transition Lab indicate that, “on average, CISOs today spend 77 percent of their time as ‘technologists’ and ‘guardians’ on technical aspects of their positions, and that they would like to reduce this investment to 35 percent. This demonstrates a recognizable shift in their desire to place greater emphasis on the ‘strategist’ and ‘advisor’ functions.”

“As organizations realize that cyber risk is intimately linked to their innovation and growth strategies, expectations of CISOs are changing dramatically,” said Ed Powers, principal, Deloitte & Touche LLP and US leader of cyber risk services. “An effective CISO can no longer rely on his or her technical expertise alone. They must understand how strategic initiatives create risks and develop security programs that balance the need to drive business performance with the growing realities and complexities of protecting customers, intellectual property, and brand.”