Many CEOs and CISOs Not Communicating on Security, Survey Finds

If security is only as strong as the weakest link in the chain, the part of the chain linking the office of the chief executive officer to the chief information security officer appears to have a gap in it.

This is according to new research from CORE Security. In a survey of 100 CEOs and 100 CISOs, the company found that 36 percent of the CEOs said the CISO never reports to them on the state of IT infrastructure security. Some 27 percent said they receive updates on a somewhat regular basis.

“CEOs are looking at the issue of security in business terms while the Chief Security Officer is looking at it in technical terms,” Mark Hatton, CEO at CORE Security, told SecurityWeek. “Security protection is often viewed as an expense, not something that can save your business from being hijacked, extremely embarrassed or devalued – or even something that can get them fired. At the same time, CISOs are often ill-equipped to explain this to their CEOs in part because they frequently don’t know themselves how to process the data that they have.”

Additionally, while more than 60 percent of CISOs said they were very concerned about their IT systems experiencing a breach, only 15 percent of CEOs were very concerned about their network being attacked. Sixty-five percent of CEOs confessed to not having sufficient data to interpret how security threats translate to overall business risk.

“These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets,” said Patricia Foye, senior vice president of marketing at CORE Security, in a statement. “The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least. CEOs need to bring their security teams into the mainstream of day-to-day operations. Security and continual risk assessment should be woven into the fabric of operational reviews and should be an agenda item at the Board of Director level.”
