Trellix Finds Nearly Half of CISOs to Exit the Role Without Industry Action

New research details risk to the CISO role’s longevity amidst a lack of clarity, alignment, and support on expanding responsibilities

Trellix today announced a new report, Mind of the CISO: CISO Crossroads, which found most CISOs (84%) believe the role needs to be split into two functions - one technical and one business-focused, to maximize security and organizational resilience amid an ever-expanding threat landscape.

The research reveals insights from over 500 CISOs worldwide on cybersecurity regulation, the CISO role, and their interactions and challenges when reporting to their organization’s board. Insights shed light on the latest changes, responsibilities, and requirements for CISOs, the impacts of navigating them, and recommendations for organizations and policymakers to protect the future of this role.

“We’ve entered the CISO duality era,” said Harold Rivas, CISO, Trellix. “CISOs need both a technical and business-focused lens - and we need to be strategic communicators. The role is no longer only about maintaining cyber hygiene. It’s managing risk, staying on top of and ahead of regulations and compliance, and aligning with leadership and the board, all while defending against advanced threats. CISOs are the conduit between key stakeholders, business objectives, and cyber resilience.”

Proactively maintaining a cybersecurity posture, prioritizing ransomware prevention and mitigation, defending against state-sponsored attacks, and responding to global IT incidents are all top priorities for CISOs this year. On top of this, CISOs must also navigate complex regulatory requirements and increased stakeholder interest and expectations with limited resources. The impact of these growing responsibilities is being felt by all:

  • Regulation Overload: 93% of CISOs agree cybersecurity regulation has helped their career as a CISO – such as having greater influence in strategic decisions or elevation to board-level discussions, but the majority (79%) believe the time and effort it takes to keep pace with regulatory change is not sustainable.

  • The Boardroom Battle: Reporting to the board is a skill CISOs need to hone, as nearly half (49%) report to the board on a weekly (or more frequent) basis, adding to their overburdened workload. Many still struggle with board and C-level understanding and alignment, with 66% saying the board lacks the technical knowledge or expertise to fully comprehend cybersecurity issues and 59% of CISOs saying their views don’t align with their CIO or CEO.

  • CISO Role at Risk: As a result, 91% of CISOs agree these expanding responsibilities will lead to higher turnover in the role, and 49% do not see a future as a CISO. To better manage these growing responsibilities, 84% of CISOs believe the role should be split into technical (CISO) and business-focused (BISO) roles.

To ensure the future of this role, CISOs need additional support from regulators, their organizations, and their peers. 87% of CISOs agree discussing cybersecurity regulation with peers is more valuable than doing their own research.

“An element to success for CISOs is a strong collaborative community,” said Jim Jenkins, Vice President and Information Security Officer at Vantage West Credit Union, Trellix CISO Council member. “It’s a demanding, multi-faceted role when resources and support are in short supply. Learning from peers and sharing information broadly enables CISOs to be more efficient and refocus efforts on strategic initiatives.”

Clarity on role responsibilities and expectations, with clear guidance and support from leadership and regulators, as well as a collaborative peer community, are vital to ensuring the future success of the CISO role.

Learn more about Mind of the CISO: CISO Crossroads here.

Trellix’s Mind of the CISO initiative brings global attention to the needs of the CISO community, driving cybersecurity and AI best practices. Trellix continuously looks to support the global CISO community by engaging, listening, and advocating.

Additional Resources:

Previous
Previous

‘Western Credit Union Management School’: A New Name with the Same Educational Excellence

Next
Next

Member Support Services Expands Network with Greylock Federal Credit Union