07 Ageless
Many savvy CISOs have built super powers to protect their enterprise ship
More than half of CISOs asked are considered Baby Boomers...45 to 64. Apart from having a wealth of wisdom and a strong work ethic, this age group are problem-solvers, entrepreneurs and team-oriented, all traits that make up a trusted advisor and the key protector of an organization’s brand, data and reputation.
06 Analytical minds
Law Enforcement Officer: 8%
Investigator: 25%
Computer Whiz: 22%
Analyst: 45%
05 BAD GUYS
Black-hat hackers: brace for a brain dump
What if you got the chance to pick the brain of a major-league hacker? Almost two-thirds (65%) of CISO sleuths want to get into the mind of a hacker to help them figure out "what's next?"
About 12% would hire them, spotting good talent when they see it. Interestingly, 1 in 11 would take them off the streets and arrest them. Book ‘em Dano!
04 Starting Over
Save and Continue or Reboot?
Despite the tumultuous year CISOs faced, most wouldn't opt to start over. When asked, “If you got offered a reset button for the past year, would you push it?” 7 in 10 said ‘no.’
It’s a risk to start over, one that most CISOs don’t want to take.
03 Mythical Helpers
Cybersecurity skills shortage: Your wish is granted
Four in ten CISOs said that, if they had a set of mythical helpers, they’d opt to bring fresh new ideas and creative thinking to IT security – because simply relying on 'the old way' is way too risky. And a quarter of them are focused on the here-and-now, too – looking to stress test their existing infrastructure to shore it up.
02 Tick Tock or Dough
Phishing for funding?
In the world of a CISO, money buys happiness (and a better security program). When we asked CISOs which one of these precious commodities – time or budget – is more valuable to them, 60% said ‘budget’. When asking for budget and resources to cover data protection and disaster recovery programs, these security guardians know how to translate their efforts into language their board can understand.
60% of CISOs said ‘budget’ is more valuable to them than time.
The Most Non-Annoying Survey for Chief Information Security Officers: Survey Findings
01 Introduction
The Most Non-Annoying Survey, sent to Chief Information Security Officers, revealed a handful of interesting perspectives.
One of the most alarming outcomes stemmed from the question of how often a CISO met with their Chief Compliance Officer. Over a third of CISOs aren't meeting with one of the best workplace allies a CISO could have: their CCO. On the other hand, 1/3 of CISOs are making it a point to connect with their CCO on a pretty regular basis.
What this tells us is that these planned meet-ups are more about nurturing the CISO <> CCO relationship than just grabbing lunch. Like the crime-fighting duo Sherlock Holmes and Dr. Watson, these pairs recognize that the key to a successful integrated risk management program starts from working collaboratively across their enterprise.
And now to our other findings…
Which of the following occupations do you think influences a CISO’s success the most? (Select only one answer)
If you played video games as a kid, were you destined to become a CISO?
Almost half of CISOs cited the analytical mind as key to success in the role, while only 22% believed that being a computer prodigy influences a thriving career. These results signify a clear shift in the function of the modern CISO. CISOs today must understand Enterprise Risk Management as well as the technical side of cyber security.
08 Digitalization
CISOs as digital transformers at home and at work
No longer is there a clearly defined line between work and non-work when it comes to the digital experience. One in five CISOs reported that observing the social media behavior of friends and family affects their digital strategy at work. Another third said external behavior has a moderate influence on the technologies at their job.
To what extent does the way you, your family and friends use social media impact your digital strategy at work?
[Chart: responses on a five-point scale (A great deal, A lot, A moderate amount, A little, None at all); values shown: 34%, 16%, 14%, 29%, 7%]
What is your age?
09 Bad and Worse
Alexa...order John Grisham’s book, The Lincoln Lawyer
When asked about the two main flavors of CISO headaches (negligence vs. malfeasance), 44% said that 0–25% of the risks they encounter in the workplace are negligence-based. [Sigh]. While neither is good, at least negligence can be addressed by education, learning and training. 25% of CISOs said that more than half are indeed malfeasance. This is where proper lines of defense, monitoring, security and such are even more key.
44% said that 0–25% of the risks they encounter in the workplace are negligence-based.
10 Alien Invasion Now
Beam me up Scotty…just not so fast
Almost half of CISOs are seeing the wheels of the AI train turning – to the degree that AI is affecting their work (from “so-so” to “holy cow!”). And almost a quarter (22%) are seeing the shift underway in bigger ways. No doubt AI is here to stay, and it’s only going to make things more complicated, not simpler.
How does Artificial Intelligence impact your job today?
A great deal: 7%
A lot: 15%
A moderate amount: 25%
A little: 37%
None at all: 16%
But that’s TODAY. What about tomorrow?
11 Alien Invasion Later
Where no man has gone before
6 in 10 prophetic CISOs think AI is going to have BIG implications on their work and industry within the next 36 months. Perhaps these CISOs are the ones who want more budget, to start their education, planning, and technology spends now, to get out in front of the AI train … before it runs over their organization. Surprisingly, 1 in 11 are forecasting little to no impact at all.
How much of an impact do you think AI will have on your job in the next 3 years?
A great deal: 28%
A lot: 33%
A moderate amount: 30%
A little: 6%
None at all: 3%
Thank you to all who took the survey. We hope you found the survey responses useful in benchmarking your own CISO activity against that of your colleagues in the role. If you, like our respondents here, are looking for support, reach out. We can help.
saiglobal.com/sai360
When was the last time you had lunch with your Chief Compliance Officer (or a colleague who performs the same function)?
In the last week: 18%
More than a week ago but less than a month ago: 15%
More than a month ago: 33%
Who?: 34%
You're given a set of helpers for a week. What would you have them do? (Select only one answer)
Convene a “think tank” to bring fresh ideas and creative thinking into IT security: 41%
Assign one helper to each of my staff to make them twice as productive: 14%
Stress test each protocol in my security program: 24%
Get funding from the board for all our initiatives: 7%
Implement a zero trust network
Assume every aspect of my job while I take off for Santorini, Greece: 4%
If you met face-to-face with a major league hacker, what would be the first thing you’d say to him/her? (Select only one answer)
“This is a citizen’s arrest. You have the right to remain silent…”: 9%
“I need you to determine how secure my organization’s data is.”: 37%
“What are the top three organizations that you would love to hack and why?”: 14%
“You're hired.”: 12%
“What's the one major flaw in IT security that you have been able to exploit the most?”: 27%
[Chart, age of respondents: Under 25, 45–54 (33%), 65–74, 75 or older]
In our latest eBook, The Making of the Modern CISO, you’ll get a glimpse into the DNA of today’s Chief Information Security Officer. Part computer geek, part investigative analyst and part law enforcer, these high-level competencies define the role of four industry-leading CISOs.
Chief Information Security Officers from LogMeIn; University of California, Davis; Motorola Mobility; and the American Red Cross offer distinct views of themselves as first-responders and guardians of their organizations. Yet they all have the courage to be both vulnerable and impenetrable at the same time.
Whether you’re looking for a poignant narrative or deciding on a different career path forward, open its pages and discover this insightful read.
[Chart, age of respondents, continued: 25–34 (16%), 35–44 (23%), 55–64 (22%); also shown: 2%, 3%]