Editorial

CISOs say role should be split in two

CISOs need both a technical and business-focused lens, says new report.

Posted 17 October 2024 by Christine Horton


Most CISOs (84 percent) believe the role needs to be split into two functions, one technical and one business-focused, to maximise security and organisational resilience amid an ever-expanding threat landscape.

The research, Mind of the CISO: CISO Crossroads, from Trellix reveals insights from more than 500 CISOs from the private and public sector.

“We’ve entered the CISO duality era,” said Harold Rivas, CISO, Trellix. “CISOs need both a technical and business-focused lens – and we need to be strategic communicators. The role is no longer only about maintaining cyber hygiene. It’s managing risk, staying on top of and ahead of regulations and compliance, and aligning with leadership and the board, all while defending against advanced threats. CISOs are the conduit between key stakeholders, business objectives, and cyber resilience.”

Proactively maintaining a cybersecurity posture, prioritising ransomware prevention and mitigation, defending against state-sponsored attacks, and responding to global IT incidents are all top priorities for CISOs this year. On top of this, CISOs must also navigate complex regulatory requirements and increased stakeholder interest and expectations with limited resources.

The report indicates the impact of these responsibilities is being felt by CISOs.

  • Regulation Overload: 93 percent of CISOs agree cybersecurity regulation has helped their career as a CISO, for example by giving them greater influence in strategic decisions or elevating them to board-level discussions, but the majority (79 percent) believe the time and effort it takes to keep pace with regulatory change is not sustainable.
  • The Boardroom Battle: Reporting to the board is a skill CISOs need to hone, as nearly half (49 percent) report to the board on a weekly (or more frequent) basis, adding to their overburdened workload. Many still struggle with board and C-level understanding and alignment, with 66 percent saying the board lacks the technical knowledge or expertise to fully comprehend cybersecurity issues and 59 percent of CISOs saying their views don’t align with their CIO or CEO.
  • CISO Role at Risk: As a result, 91 percent of CISOs agree these expanding responsibilities will lead to higher turnover in the role, and 49 percent do not see a future as a CISO. To better manage these growing responsibilities, 84 percent of CISOs believe the role should be split into technical (CISO) and business-focused (BISO) roles.

To ensure the future of this role, Trellix said CISOs need additional support from regulators, their organisations, and their peers. Eighty-seven percent of CISOs agree discussing cybersecurity regulation with peers is more valuable than doing their own research.
