According to Splunk’s 2023 CISO Report [1] [2], there has been a significant increase in the number of global CISOs reporting directly to their CEO. This trend is even more pronounced in Europe compared to America. CISOs are gaining influence in the C-suite by sharing security testing results and demonstrating the ROI of security investments [2]. As a result [2], respondents expect security spending to increase in the coming year [2]. However, the declining economy has led to an increase in cybersecurity threats, causing concern among CISOs. Funding issues have also resulted in delays or cancellations of cybersecurity projects for some respondents [2], and there is a perceived lack of adequate funding from boards. The report highlights the growing importance of cybersecurity committees at the board level. However, boards still tend to view strong security as synonymous with regulatory compliance rather than best practices. This emphasizes the increasing importance of CISOs in the C-suite and their role in guiding cybersecurity strategy, as well as the need for cross-functional collaboration and strategic planning for a resilient cybersecurity strategy.
Description
According to Splunk’s 2023 CISO Report [1] [2], there has been a significant increase in the number of global CISOs reporting directly to their CEO, with nearly half (47%) now doing so. In Europe [2], this trend is even more pronounced, with 54% of CISOs reporting to the CEO [2], compared to 41% in America [2]. CISOs are gaining influence in the C-suite by sharing security testing results and demonstrating the ROI of security investments [2]. This has led to the majority of respondents (93%) expecting security spending to increase in the coming year.
However, the declining economy has resulted in an increase in cybersecurity threats, causing concern among CISOs. A significant portion (85%) of CISOs express concern about the impact of macroeconomic uncertainty on their function [2]. Additionally, a lack of funding has caused delays or cancellations of cybersecurity projects for 31% of respondents [2]. Only 35% of respondents feel that their board allocates adequate funding for cybersecurity [2].
The report also highlights the growing importance of cybersecurity committees at the board level, with 78% of CISOs having such a committee. However, while boards are making efforts to educate themselves on cybersecurity [2], they still tend to view strong security as synonymous with regulatory compliance rather than best practices.
Conclusion
The increasing number of CISOs reporting directly to their CEO and gaining influence in the C-suite demonstrates the growing importance of cybersecurity in organizations. However, the declining economy and lack of funding pose challenges for CISOs, leading to concerns about the impact of macroeconomic uncertainty on their function [2]. Delays or cancellations of cybersecurity projects further highlight the need for adequate funding from boards. The report emphasizes the importance of cybersecurity committees at the board level, but also highlights the need for boards to view strong security as more than just regulatory compliance. This underscores the crucial role of CISOs in guiding cybersecurity strategy and the need for cross-functional collaboration and strategic planning to ensure a resilient cybersecurity strategy in the face of evolving threats.
References
[1] https://allinfosecnews.com/item/2023-ciso-report-splunk-inc-2023-10-10/
[2] https://www.infosecurity-magazine.com/news/half-cisos-report-ceo-influence/
