FTI Consulting Study Reveals Significant Communications Gaps Between CISOs and C-Suites Despite Increased Focus on Cybersecurity
Findings Indicate Nearly One-in-Three Executives Believe their CISOs Hesitate to Inform Leadership of Potential Vulnerabilities, Creating Organizational Risk
Washington, D.C., March 26, 2024 – FTI Consulting, Inc.’s (NYSE: FCN) Cybersecurity & Data Privacy Communications practice today released the second installment of its “CISO Redefined” series, CISO Redefined: Navigating C-Suite Perceptions & Expectations, which reveals that, despite broad agreement on the increasing importance of mitigating cybersecurity risk, a communications gap persists between the C-suite and cybersecurity leaders. Up against a rapidly evolving risk landscape, new regulatory requirements and increased stakeholder scrutiny, executives are ramping up cybersecurity investments, but still perceive their chief information security officers (“CISOs”) as falling short on key communications imperatives, which can directly impact an organization’s bottom line and reputation.
“It’s clear that executive leadership and CISOs both recognize the importance of cybersecurity risk, but more work needs to be done to ensure they understand each other,” said Meredith Griffanti, Global Head of FTI Consulting’s Cybersecurity & Data Privacy Communications. “Security is a shared goal for these leaders, but what we have seen from our past two studies is that they’re communicating past each other. The CISO speaks in technical jargon, the C-suite and the Board don’t understand it – and you have this endless cycle where the CISO feels the need to make things sound simpler – or better – than they actually are. This hampers the CISO from making a compelling case for investment in certain parts of their cybersecurity program, and also leaves business leaders in the dark about areas where the organization is most vulnerable. Training CISOs on effective presentation and communications skills is crucial to aligning priorities and ensuring all critical stakeholder groups are on the same page about their company’s actual risk profile.”
The C-suite study summarizes findings from a survey of nearly 800 C-suite executives spanning seven sectors across nine countries. FTI Consulting’s first installment of the “CISO Redefined” series, released in 2022, took the inverse approach and surveyed CISOs. Both studies confirmed mounting leadership expectations for CISOs and associated communications challenges.
According to the C-suite study, 94% of C-suite executives surveyed believe cybersecurity issues increased in prominence over the past 12 months, and a majority deem cybersecurity a critical or high priority. Executives are allocating funds to reflect this new reality, reporting an average increase of 23% in cybersecurity budgets over the next one to two years, and 36% in the next three to five years.
Key findings from the “CISO Redefined” series confirm a communications gap between C-suite executives and CISOs:
- A notable 66% of CISOs felt senior leadership struggles to fully understand their role within the organization, whereas 31% of C-suite executives expressed difficulty understanding the tangible return on cybersecurity investment.
- While 82% of CISOs felt a need to make things sound better to the Board, 31% of C-suite executives believe their CISOs paint a brighter picture than the reality – and 30% felt CISOs are hesitant to raise concerns about their organization’s vulnerabilities.
- As far as organizational alignment, 58% of CISOs confirmed they struggle to translate technical language to senior leadership in a meaningful way. Meanwhile, 28% of C-suite executives believed their CISOs have a hard time translating technical terms into business terms, and 30% reported this difficulty when it comes to CISOs expressing cybersecurity risk in financial and material terms.
- While the research points toward a lack of trust and understanding, it also suggests significant leadership buy-in on solutions to help bridge the gap. In fact, 98% of C-suite executives surveyed supported more funding for CISO communications and presentation training, with nearly half characterizing this need as immediate.
To address this disconnect as well as the demand for actionable solutions, FTI Consulting created Secure Your Seat, a communications and presentation training program designed to sharpen CISOs’ skills for effectively engaging with Board and C-suite leaders to limit risk and close their cybersecurity communications gap.
“Clear, candid communication among leaders is a must-have for any organization to appropriately evaluate and protect against the amplified cybersecurity risks confronting all industries and sectors today,” stated Evan Roberts, a Senior Managing Director in FTI Consulting’s Cybersecurity & Data Privacy Communications practice. “When C-suite leaders lack insight into the threats they face, they struggle to allocate the right resources to maximize their resiliency and preparedness.”
Survey Methodology
FTI Consulting’s Digital & Insights practice conducted an online survey in November 2023 among 787 C-suite executives at organizations with 500+ employees across FTI Consulting’s key industries, representing companies with $21.5 trillion in aggregated revenues and 3.69 million employees globally.
FTI Consulting also conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.
About Secure Your Seat
FTI Consulting’s Cybersecurity & Data Privacy Communications practice offers a one-of-its-kind, six-week training program that equips CISOs to serve as key strategic thinkers and communicators at the C-suite and Board levels. From one-on-one communications and presentation training, to building custom and effective cybersecurity Board reporting frameworks, and conducting a mock Board session in front of industry-leading cybersecurity professionals, Secure Your Seat gives CISOs the tools they need to close the cybersecurity communications gap with their organizational leadership. For more information and details on how to sign up, visit our website.
555 12th Street NW
+1.202.312.9100
Investor Contact:
+1.617.747.1791
mollie.hawkes@fticonsulting.com
Media Contact:
+1.617.510.1676
Nick.Emmons@fticonsulting.com
Source: FTI Consulting, Inc.