Trust gaps between CISOs and C-Suites

FTI Consulting, has released a study from its Strategic Communications segment that reveals the communications challenges that persist at the top levels of organisations in relation to cybersecurity.

  • Thursday, 28th March 2024 Posted 1 month ago in by Phil Alsop

Despite the increasing prominence of cybersecurity risk among organisations’ priorities, many senior leaders believe their cybersecurity chiefs are failing to accurately articulate levels of risk, indicating a lack of trust between executives and security teams that could ultimately leave organisations vulnerable to attack.

In the study, CISO Redefined: Navigating C-Suite Perceptions & Expectations CISO, 93% of UK [and Irish] leaders surveyed see cybersecurity as a top priority for their organisation driven by concerns over potential revenue loss, regulatory compliance, and loss of customer trust, with over 80% of organisations seeing increased demands to demonstrate cyber readiness and preparedness. In light of this, the vast majority (81%) of UK organisations are increasing the decision-making powers of their Chief Information Security Officer (“CISO”). However, there is evidence of a disconnect between senior leaders and security teams around cybersecurity risk, with the perception among one in three executives that the CISO is making things sound better than they are.

“As organisations navigate a regulatory and business environment that is pushing for greater board and leadership oversight of cybersecurity, robust engagement between senior leaders and CISOs will be essential to satisfy stakeholders that cybersecurity risk is being addressed at the top level of the organisation,” said Kate Brader, Head of Crisis in the Strategic Communications segment at FTI Consulting. “Regular cybersecurity briefings, clear roles and procedures around incident response, together with robust testing of response plans can all help to build trust and confidence across the C-suite and cybersecurity teams.”

The study’s findings highlight the challenges organisations face, as various frameworks seek to standardise management of cybersecurity risk. The UK’s draft cybersecurity governance code signals the top-down approach to cybersecurity that the government wants to see, while the US National Institute of Standards and Technology’s (“NIST”) Cybersecurity Framework was recently updated to include a governance function, which stipulates how cybersecurity should be integrated into an organisation’s broader risk management strategy. Organisational alignment on cybersecurity risk is becoming an imperative and will therefore require strong engagement between the CISO and senior leadership teams.

“Our study highlights the ongoing challenges for CISOs as they evolve from technical gatekeeper to holding greater responsibility for overall organisational risk and resilience,” said Orla Cox, Head of Cybersecurity Communications for EMEA in the Strategic Communications segment at FTI Consulting. “This wider remit means that an effective CISO must build trust across business leaders, senior leaders and the board, and prioritise refining their communication skills as much as their technical skills.”

Additional key findings from the survey include:

The vast majority of leaders believe that their CISOs require communications training, with more than half (53%) flagging this as an immediate priority.

Pressure on CISOs to demonstrate a return on investment is likely to increase with more than 86% of organisations having increased their cybersecurity budget in the past 12 months.

In contrast to the rest of the world, UK leaders were revealed as feeling the greatest pressure on cybersecurity from regulators, followed by customers and then investors.

Six in 10 businesses struggle to manage cyber risk

Posted 2 days ago by Phil Alsop
New Barracuda report explores why just 43% of organizations surveyed have confidence in their ability to address cyber risk, vulnerabilities, and...

Critical gaps in responsible AI practices

Posted 2 days ago by Phil Alsop
Qlik has sponsored a study by TechTarget’s Enterprise Strategy Group (ESG) to shine a light on the state of responsible AI practices across...

Security concerns with GenAI

Posted 2 days ago by Phil Alsop
Metomic surveyed more than 400 CISOs to better understand the biggest challenges security leaders are up against in 2024, along with their top...
In an ORX survey of 26 of the world’s biggest banks and insurers, three quarters (75%) of firms said that they have started using external GenAI...
Lenovo research highlights that businesses are investing increasing amounts of cash in artificial intelligence (AI) technology, with spending...
RAGroup increases activity by over 300% since its last known attacks in December 2023, entering the top three threat actors for the first time.
Oxford Business Group and Africa Data Centre Association unveils insights into the continent's digital landscape.
Professional services firms optimistic about growth in 2024, with a 13% uplift in firms expecting to increase profits compared to last year.