FTI Consulting Survey Reveals CISOs Struggle to Effectively Articulate the Business Impact of Cyber Risks
Survey Highlights Critical Communications Struggles, with 66% of CISOs Surveyed Believing Their Senior Leadership Struggles to Understand CISOs’ Roles
Washington, D.C., Oct. 13, 2022 — A new survey from FTI Consulting, Inc. (NYSE: FCN) reveals the heightened pressure felt by chief information security officers (“CISOs”), as company boards and leadership seek to improve oversight of cyber risks in the face of growing regulatory, investor and media scrutiny. With CISOs required to regularly present to their boards, they now face the challenge of articulating cybersecurity risks and opportunities to an engaged audience, according to CISO: Communications Redefined, Navigating the Journey from Control Room to Boardroom.
This research explores the communications challenges facing CISOs and those in charge of information security and illuminates the struggles of CISOs and information security leaders to more clearly communicate — both internally and externally — their role, leadership and management of cybersecurity.
Among CISOs surveyed, 85% said that the prominence of cybersecurity on the board’s agenda has increased over the last 12 months, with 79% feeling heightened scrutiny from senior leadership. Executive leadership’s lack of understanding of CISOs’ roles (55%) prevents CISOs from articulating critical priorities, with 53% saying their cybersecurity priorities are not completely aligned with their organizations’ C-suite leadership.
Despite this increased prominence, the majority of CISOs (58%) surveyed revealed their struggle to articulate technical information and effectively communicate cyber risk in a manner that the board and senior leadership can understand. Ultimately, a disconnect between the CISO and board and leadership priorities may negatively impact an organization’s ability to effectively prepare and respond to a cyber incident.
“There is increasing evidence that boards and leadership teams recognize the growing cybersecurity risk to their organizations,” said Meredith Griffanti, a Senior Managing Director and Co-Leader of the Cybersecurity & Data Privacy Communications practice within the Strategic Communications segment at FTI Consulting. “But our research found a clear communication disconnect between executive teams and their CISOs that is hindering organizations from being fully prepared for this risk.”
Other key survey findings include:
- With mounting pressure, 82% of CISOs claim that they feel the need to positively exaggerate their role to their board.
- Even as cybersecurity awareness grows, 58% of CISOs struggle to communicate technical language to their boards, and 63% feel that their concerns are not aligned with senior leadership priorities, potentially leaving companies exposed to a possible incident or regulatory sanction.
- While 88% of CISOs surveyed have experienced a cyber incident in the last 12 months, 46% of the respondents claim these incidents were not mitigated quickly and that they continue to struggle to rebuild trust and confidence among leadership following the incident.
- 52% of CISOs claim that managing communications with internal and external stakeholders is the biggest challenge when responding to an incident, and 63% believe that their cyber concerns are not fully aligned with senior leadership’s priorities and could leave companies exposed to a possible incident or regulatory sanction.
While 66% of CISOs feel that their senior leadership struggle to understand the CISO’s role, over half state that they struggle to communicate technical language in a way their board members can comprehend. In response to those results, FTI Consulting asked if respondents would benefit from communications training, and 91% said communications coaching would positively impact their role. Therefore, in the coming months, FTI Consulting will deliver Secure Your Seat, a program that prepares CISOs to successfully navigate between the control room and the boardroom, communicate their value to the board and C-suite peers, and manage the expectations of senior leadership. This communications training program is set to launch in the near future.
FTI Consulting’s Cybersecurity & Data Privacy Communications practice conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.
Source: FTI Consulting, Inc.