Virtualization Technology News and Information
Shifting Regulations and Emerging Threats Cause Nearly a Third of CISOs to Consider Leaving Their Roles

Devo Technology unveiled the results of a new study examining the evolving role of the CISO and their sentiments toward the shifting threat and regulatory landscape. The survey found that new regulations, such as the U.S. Security and Exchange Commission's (SEC) cybersecurity rules, have caused CISOs to reconsider their roles and take action to protect themselves should they find themselves involved in legal trouble. 

The survey, conducted by Wakefield Research on behalf of Devo, demonstrates that many CISOs feel uneasy about emerging regulations and new threats and also feel there is a general lack of understanding about the CISO role. 

CISOs Eye the Exit and Focus on Protecting Themselves 

Respondents to the survey reported they felt the pressure of their roles mounting on them. More specifically: 

  • Nearly one in three (32%) of the CISOs surveyed think about leaving their roles because of the constantly changing threat and regulatory environment.
  • A strong majority (66%) have taken action to protect themselves, with 52% of the respondents saying they obtained an indemnification agreement with their organization to ensure the company covers the costs of defending against any potential lawsuits or investigations.
  • Furthermore, 47% of respondents asked their organizations to provide personal liability insurance or other cyber liability policies, while 31% sought outside legal counsel to protect themselves.

The SEC Cybersecurity Rules in Focus 

The regulatory landscape constantly shifts, with new country- and industry-specific regulations emerging regularly. The SEC cybersecurity rules are the latest and most-discussed rules recently implemented, and CISOs have poignant thoughts about them: 

  • 54% of the survey respondents said they were not very prepared to comply with the new SEC rules, especially those at companies with 2,500 or more employees (61%).
  • CISOs admit to struggling with the SEC rules due to issues relating to internal alignment between departments (30%) and their ability to gather data from different departments (27%).

Split Reporting Structures and CISO Role Ambiguity 

The survey found that not all CISOs have a direct line to the CEO. Additionally, the survey shed light on how CISOs felt the role was perceived across their organizations and what CISOs' top priorities are going forward: 

  • Over half (53%) of respondents report to their CIO or other IT leaders, while 44% report to their CEO. The survey found that those who reported to the CEO were more likely to struggle to comply with the SEC rules (97%) than those who reported to the CIO or other IT leaders (37%).
  • Over 60% of respondents reported that their organization is failing to communicate the CISO role, with a quarter of the respondents sharing that they think their organization doesn't place enough emphasis on the importance of cybersecurity when speaking about the CISO role to the broader organization.
  • As CISOs navigate these challenges, the respondents were clear on their top three needs to do their jobs effectively, with 69% of CISOs focused on security technology integration, 68% on security strategy and governance, and 58% on legal compliance and collaboration.

"The CISO role is notoriously ambiguous, as security needs can vary greatly from one organization to another," said Devo CISO Kayla Williams. "New regulations and threats are causing many to pause and reflect on whether they want this job and, if they do, how they can protect themselves. However, CISOs should look at emerging rules and regulations as an opportunity to advocate for what they need to do their jobs effectively." 

Read the full survey results in Devo's "The Modern CISO" guide, which also features additional data and insights from Keyfactor, CyberSN, and CISOs from leading organizations. 

Published Tuesday, April 23, 2024 12:37 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2024>