Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Many CEOs and CISOs Not Communicating on Security, Survey Finds

If security is only a strong as the weakest link in the chain, the part of the chain linking the office of the chief executive officer to the chief information security officer appears to have a gap in it.

If security is only a strong as the weakest link in the chain, the part of the chain linking the office of the chief executive officer to the chief information security officer appears to have a gap in it.

This is according to new research from CORE Security. In a survey of 100 CEOs and 100 CISOs, the company found that 36 percent of the CEOs said the CISO never reports to them on the state of IT infrastructure security. Some 27 percent said they receive updates on a somewhat regular basis.

“CEOs are looking at the issue of security in business terms while the Chief Security Officer is looking at it in technical terms,” Mark Hatton, CEO at CORE Security, told SecurityWeek. “Security protection is often viewed as an expense, not something that can save your business from being hijacked, extremely embarrassed or devalued – or even something that can get them fired.  At the same time, CISOs are often ill-equipped to explain this to their CEOs in part because they frequently don’t know themselves how to process the data that they have.”

Additionally, more than 60 percent of CISOs said they were very concerned about their IT systems experiencing a breach, only 15 percent of CEOs were very concerned about their network being attacked. Sixty-five percent of CEOs confessed to not having the sufficient data needed to interpret how security threats translate to overall business risk.

“These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets,” said Patricia Foye, senior vice president of marketing at CORE Security, in a statement. “The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least. CEOs need to bring their security teams into the mainstream of day-to-day operations. Security and continual risk assessment should be woven into the fabric of operational reviews and should be an agenda item at the Board of Director level.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.