Survey Finds CEOs, CISOs Aren't Communicating on Security
Thirty-six percent of CEOs say the CISO never reports to them on the state of IT infrastructure security.
"The survey checked the opinions of 100 CEOs and 100 CISOs, or other C-level execs with responsibility on security matters," writes AllThingsD's Arik Hesseldahl. "Among the highlights: 36 percent of CEOs said they never hear from their CISO about the state of the organization’s security, and only 27 percent get reports on the subject on a regular basis."
"Let that sink in for a moment. With all of the cyber threats that are reported on a weekly, monthly and annual basis, 36 percent of CEOs don’t deem it necessary to get a security briefing from the member of their executive team who oversees security," CORE Security president and CEO Mark Hatton wrote in a blog post.
What's more, the survey found, only 15 percent of CEOs say they're very concerned about IT systems getting hacked, compared to 61.5 percent of CISOs.
"I've heard about the lack of attention CEOs pay to the security staff for years now," writes CSO Online's Bill Brenner. "But in more recent years, many CSO-CISO types have told me about improvements in that line of communication. The data breach pandemic has scared many top execs into paying closer attention, they've told me. This latest survey appears to fly in the face of that, however."
"These results should be a wakeup call for every organization to demand better alignment between the executives charged with protecting their most vital assets," CORE Security senior vice president of marketing Patricia Foye said in a statement. "The idea that there are such disparate views on the crucial threats facing the company between two members of an executive team is discouraging to say the least. CEOs need to bring their security teams into the mainstream of day-to-day operations."