77% of CISOs Fear Next Breach Will Cost Them Their Jobs
- Advisor@AegisIntel.ai
- Oct 30, 2024

A recent survey by Portnox found that 77% of Chief Information Security Officers (CISOs) are either very or extremely worried about losing their job when the next big breach happens.
Moor Insights and Strategy believes that the survey result encapsulates how most CISOs feel, and that the fear of termination will impact their behavior, potentially making them "gun-shy" and hesitant in their decision-making.
As enterprises will inevitably be breached, the CISO should not bear all the blame: cybersecurity is a "team sport" that requires the involvement and responsibility of the entire C-suite.
He suggests that the C-suite, including the CIO and CFO, should also be held accountable for cybersecurity responsibilities, and that their compensation should be tied to the implementation of proper security controls.
Interestingly, Jess Burn, a principal analyst at Forrester, takes a stricter view, stating that if a CISO is afraid of getting fired after a breach, they should not be working in that role, as a talented CISO who manages a major post-breach incident becomes a valuable resource in the job market.
Burn advises CISOs to focus on revenue, net income, and market share to strengthen their positions, and to tie security controls to the underwriting process, as this is the language that the C-suite understands.
Observations
Holding CISOs strictly accountable for an inevitable incident means they constantly face termination. This will drive good talent away from the role and deplete firms of critical talent.
Tying focus to revenue and business outcomes, while necessary, is not the sole remedy.
Cybersecurity investment is essentially 'buying down risk'; what percentage of firms have an unlimited budget, or all the budget necessary, to preclude the eventual breach, let alone manage and remediate it to perfection when it is encountered?
Ultimately, the shift needed in enterprise cybersecurity is the recognition that it is a shared responsibility, requiring collaboration and accountability across the entire organization.



