Integration of multiple solutions and compliance are identified as the top two challenges by the security leaders
According to the World Economic Forum’s Global Risk Landscape 2018, part of its Global Risk Report (GRR) 2018, cyber-attacks and data theft are two of the topmost risks to the world we are living in, ranking next only to extreme weather events and natural disasters in terms of likelihood. Cyber-attacks are also the 4th most impactful risk.
That pretty well explains why organizations are worried and want to do something. That also explains why the regulators are worried and want to do something—which, in turn, means asking the organizations to do those ‘extra’ things. Rapid digitization of more and more functions and the evaporation of the boundary between digital and physical (and increasingly biological) mean that these ‘somethings’ have to be done pretty fast.
All these, in a typical commercial organization of some size, converge at the desk of the head of information security—often called Chief Information Security Officer (CISO) these days.
The function itself is not new; the brief is fairly new.
And it is fairly simple: it reads ‘protect and comply’. Yes, while the final objective is ‘protect’, ‘comply’ is a very significant independent objective. To protect, you must do what is right. To comply, you must also do what the regulator thinks is right. Never mind, the objectives are the same.
All that this not-so-comprehensive survey asked CISOs were some simple questions—their reporting, what they spend time on, their involvement in purchase, their challenges—and, to complete the picture, the deployment status of various security solutions and their expectations from the security vendors.
This survey was conducted among CISOs attending our annual CISO Forum on a day that was an important date in the recent lives of CISOs worldwide—May 25, the day GDPR kicked off.
That date is not mere trivia. The survey asked the CISOs the scope of their responsibility—whether it is restricted to India, to regional levels or global levels. That could actually give a clue as to how many of them GDPR actually matters to.
The objective of the survey was to simply get a little more insight into the changing scope of a CISO’s work.
While there is a significant change over the years, to those tuned in, many findings should not come as a surprise. Take, for example, the fact that the top challenges identified by the CISOs are integration of multiple solutions and conforming to so many new regulations. Now, who in the security community would find it a ‘significant’ new finding? Well, next time you converse about it, you can use the data to support your point. That is about it.
Yet, there are some surprises. If you are not surprised, tell us. We know the CISOs’ profiles within organizations are rising. But even then, it came as a surprise that those reporting to people outside IT organizations outnumber those who are part of IT organizations by eighteen percentage points!
Let’s start with that.