International Cyber Expo International Cyber Expo
  • About Us
Sunday, 12 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

2017: The Year of the CISO

by The Gurus
July 20, 2017
in Editor's News
Share on FacebookShare on Twitter

The role of the Chief Information Security Officer (CISO) is a comparatively new one in both the IT industry and enterprise. Yet, CISOs are arguably the most important technology stakeholder working in businesses today — dealing with a myriad of risks, threats, breaches, policies, regulations and user behaviour. These responsibilities are as complicated as they are important, and CISOs can often find themselves isolated and operating outside of the usual and well-understood aspects of corporate governance.
 
The role of ClubCISO, a private members forum for European information security professionals, is to help understand, promote and shape the future of the profession. Powered by Company85, ClubCISO held its fourth annual survey this year, with 39 CISOs participating in the discussion, and published the findings in the new ClubCISO IT Security Maturity Report 2017. These CISOs represent all sizes of business, from rapidly-growing challengers to major FTSE organisations.
 
While the full results are enlightening and hugely optimistic across the board, we wanted to highlight three areas that sum up the challenges and opportunities for CISOs in today’s enterprise: their role; the relationship with their company boards; and the importance of understanding people and their behaviours.
 
Trust me, I’m a CISO
As the role of the CISO becomes more mature, there are more points of commonality between job descriptions. Several fundamental questions however remain, including ‘what do CISOs actually do, and what exactly is a CISO?’ First and foremost, it is clear there is no one defined CISO role. Yes, they are all the most senior professional in their organisations for mitigating cyber risks, but there is also huge variation between approaches and strategies — pending company and board expectations. CISOs must therefore work together to shape the future of the profession.
 
The trend, however, is for the CISO to become more visible in the organisation. Nearly half (47%) of CISOs surveyed consider themselves to be actively involved in strategic business decisions outside of their core technology remit. And they are also getting more resources, at a time where other roles are facing cutbacks. Only 9% of CISOs have seen a budget cut this year, while 14% have seen an increase of over 100%. The only thing that appears to be holding back further growth in the rise and function is the ability to find good people.
 
In past years the ClubCISO survey has shown that information security hasn’t always had a natural home in a company, but most CISOs now report directly to CIO/CTO, rather than into matrix structures. In 2017 nearly two-thirds of CISOs report to the CIO/ CTO; this figure has almost doubled since 2016 (33%). Reporting via matrix structures has correspondingly fallen to 17% (2016: 37%). A number of CISOs pointed out that they report directly to the CIO but not as part of the IT department. This change in reporting structure will also, no doubt, further define the role of the CISO.
 
Board games
It’s evident from the research, that there’s a clear disconnect between expectation and reality of how information security can and should be managed. Despite the majority of CISOs having better lines of communication into boards, CISOs think many of their company boards still have information security priorities in the wrong order. Security is undoubtedly important for companies, but the temptation is to deal with tactical and visible threats rather than bake security and recovery into the organisation holistically.
 
Company boards are time poor and so tend to focus on the issues right in front of their noses. Perhaps that’s why, in the wake of a growing number of cyber attacks, an increasingly fragmented (and therefore vulnerable) workforce, and a step-up in the complexity and effectiveness of malware, 78% of company boards still place their focus squarely on prevention capabilities, rather than response (just 22%). At the same time, these same boards contradict themselves by prioritising breach response very highly. In fact, 63% cite it as a major responsibility of the CISO. In other words, boards want CISOs to clean up the mess after a breach, but they’re not necessarily taking a balanced approach in investing in solutions that enable them to do this quickly and effectively.
 
The CISO as a people person
IT security is not all ones and zeros. Insider threat and user behaviour (malicious or not) is one of the biggest challenges to an IT security strategy and policy. Time and again, ClubCISO’s annual survey has shown that CISOs believe that people pose the greatest risk to an organisation. Respondents revealed that as many as 60% lack the confidence that internal security policies are actually implemented. As such, it is no wonder that CISOs are working ever more closely with HR to devise and implement solid policies and controls.
 
As one CISO says in the research: “I now spend more time with HR than I do at my own desk”.
 
CISOs touch every part of their businesses and organisations. There are multiple reasons for this. Chief amongst these might be the fact that over one-third of organisations were certain they had suffered a material data loss incident during the past 12 months. It is becoming increasingly evident that security has to be embedded into every facet of the business to minimise risk. CISOs do however admit that ‘security by design’ is very hit-and-miss. More than half of CISOs surveyed said it is considered from the outset for all projects, but nearly one-third think it is hardly ever considered.
 
So what’s next?
Ultimately, CISOs have made it clear that there needs to be a change in security strategy in order to safeguard businesses and their data. CISOs are concerned at how their boards prioritise prevention over response. ClubCISO believes this imbalance does not reflect the reality of breaches—it is an inevitability that every organisation will suffer a data breach at some point, therefore businesses need to do more to ensure they have good recovery plans in place to mitigate the potential damage.
 
What is clear is that now is definitely the time for change for the CISO. And those businesses that want to reduce risk will need to start changing according to the leaders in the industry who are stepping up to fulfil this role.
 
To find out if you, as a CISO, are on track with your peers we suggest downloading the ClubCISO Information Security Maturity Report 2017, here.

Tags: CybersecurityTechnology
ShareTweet
Previous Post

The race to own the home

Next Post

Thales: As GDPR approaches, retail data breaches remain unacceptably high

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol