Are CIOs and CISOs Overconfident in Their Communications with the Rest of the C-Suite?


By Christophe Veltsos, PhD
@DrInfoSec
March 30th, 2016

As a leader, have you stopped for a moment to consider whether CIOs and CISOs are overconfident in their communications with the rest of the C-suite? Given the unmistakable importance of cybersecurity in the eyes of top leadership today, CIOs and CISOs are under pressure to provide clear, regular updates to the rest of the C-suite on the status of their organization’s cybersecurity efforts. A 2016 report from IBM’s Institute for Business Value entitled “Securing the C-suite — Cybersecurity perspectives from the boardroom and C-suite” sheds light on the communication dynamics within the C-suite. The survey of over 700 executives from a variety of countries, industries, and roles provides a clear warning for CIOs and CISOs: don’t overestimate how well you are communicating with the rest of the CXOs.

Data Security Improvements

While 2/3 of the C-suite regards cybersecurity as a “top concern,” there are major disconnects in how well prepared CXOs consider their organizations to be. When CXOs were asked whether the “cybersecurity strategy of their company is well established,” 77% of CROs and 76% of CIOs responded yes; however, this is in sharp contrast to only 51% of CEOs, 55% of CFOs, and 61% of CHROs. When those same CXOs were asked whether they were “very engaged in security threat management discussions,” 56% of CIOs responded yes, but the rest of the C-suite did not appear to agree: only 45% of CEOs, 38% of CFOs, and 41% of CHROs agreed.

Some of the key recommendations from the report are to have regular discussions about cybersecurity and incident response plans, and to involve key stakeholders in the C-suite, such as the CRO, CFO, CHRO, and those responsible for the supply chain.

A platform like TrustMAPP helps elevate the discussion about the organization’s current readiness and future plans for cybersecurity. It helps bring everyone in the C-suite to the table, and ensures that progress can be explained and tracked and that improvements can be appropriately prioritized and budgeted for. There doesn’t have to be a disconnect in the C-suite; let TrustMAPP help your organization communicate clearly about cybersecurity.