CISOs struggle for influence in boardrooms, says report
Wed 6 Sep 2023
Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership in boardrooms, according to a new report by BSS.
Of the 150 UK-based information security decision makers surveyed, under a third (28%) agreed that the value of their role was recognised by the board.
“CISOs need a seat at the table. Such a poor level of prioritisation for information security is unacceptable in a world of evolving threats that can result in significant financial and reputational penalties,” said Chris Wilkinson, Director at BSS.
Less than a quarter (22%) stated they are actively involved in wider business strategy and decision making. And only one in 10 said information security is always in the top three priorities on the boardroom’s meeting agenda, identifying a worrying lack of buy-in to its importance for fundamental business operations.
Further to this, 49% agreed that there is a lack of C-level buy-in to the role of information security, with a third (32%) going as far to say that there is no C-Level buy-in at all.
“CISOs need to be forceful and use business impact as ammunition to give them leverage in the boardroom to receive the resources and investment they need.
“It is high time CISOs are acknowledged as a vital enabler to commercial operations, with information security a part of every business decision,” added Wilkinson.
This poor attitude towards information security is also highlighted by a notable 78% of respondents mentioning that high-profile security incidents have led to increased budget allocation and support, indicating investment for the wrong reasons.
Despite the increase in budget reported, half (55%) of CISOs surveyed say they are expected to spend their budget on what is hitting the news headlines, rather than where it is really needed. The value of the CISOs input in where increased budgets are spent is not being recognised.
Hungry for more tech news?
Sign up for your weekly tech briefings!
