CISO Redefined: Navigating C-Suite Perceptions & Expectations
Limiting Risk and Closing the Cybersecurity Communications Gap
May 14, 2024
The risk posed by cybersecurity vulnerabilities has never been greater. As senior executives face greater accountability for cybersecurity risk from regulators, investors, and other stakeholders, FTI Consulting set out to build upon our inaugural CISO barometer – which surveyed CISOs and information security leaders on rising pressures on their roles, leadership, and operations – to better understand C-suite executives’ perceptions and expectations of their CISOs. While the initial survey uncovered a communications gap between CISOs and executives, these new findings indicate the perceived gap feels even greater to the C-suite.
Key Insights
Expectations of CISOs increase as companies remain vulnerable to cybersecurity threats.
- Incidents are increasing, with 9 in 10 respondents claiming they have experienced a cyber incident in the last 12 months, and 87% of executives reporting they have increased their CISOs’ decision-making power, likely to account for this rise in threats.
CISOs aren’t fully prepared to communicate with leadership.
- One-in-three senior executives perceive their CISOs as being hesitant to raise potential vulnerabilities to leadership’s attention, with a similar proportion believing their CISO is making things sound more optimistic than they actually are.
- Nearly four-in-ten execs feel their CISO is not completely prepared to communicate with key internal and external stakeholders, with more than one-third saying their CISO is not fully prepared to communicate with leadership.
CISOs struggle to demonstrate key proficiencies to execs.
- 31% of execs do not fully understand technical concepts used by the CISO.
- 58% of CISOs struggle to communicate technical language in a way senior leadership can understand (from 2022 CISO Survey).
- 62% of executives reported their CISOs’ direct communication skills do not exceed their expectations.
- 66% of CISOs feel senior leadership struggles to understand their role (from 2022 CISO Survey).
Execs support training programs for CISOs, with many citing it as an immediate need.
- 98% of execs support more funding for CISO communications and presentation training.
- 45% say there is an immediate need, especially for companies with more than 2,500 employees.
- Executives say the biggest gaps to address in training are related to anticipating threats, raising employee awareness, communicating ROI, and cyber risk.