
Security and the C-Suite: Making Security Priorities Business Priorities

June 24, 2021

To gain organizational influence, cybersecurity leaders should report to the CEO.

The purpose of this research is to understand the role and responsibilities of today’s cybersecurity leaders and the challenges they face in creating a strong security posture. Ponemon Institute surveyed 1,426 cybersecurity professionals in the United States, EMEA and Asia-Pacific.

Most of these professionals hold the title of Chief Information Security Officer (17 percent), Security Manager (15 percent), Chief Information Officer (12 percent), Chief Technology Officer (11 percent) and Security Director (11 percent).

According to the research, 93 percent of respondents are not reporting directly to the CEO.

In fact, respondents are on average three levels away from the CEO, which makes it very difficult to ensure that leadership has an accurate and complete understanding of the security risks facing the organization. Sixty percent of respondents say the IT security leader should report directly to the CEO because it would create greater awareness about security throughout the organization.

The majority of organizations are experiencing cyberattacks.

Sixty percent of respondents say their organization had a cyberattack in the past two years. Thirty-five percent of respondents say no one was held accountable for the cyberattack, followed by the CEO and IT security leader (28 percent of respondents). However, 42 percent of respondents say the IT security leader should be the person most accountable for preventing or mitigating the consequences of a cyberattack. It is easy to conclude, therefore, that the majority of respondents (54 percent) worry about their job security.

Fifty-five percent of respondents say their organizations had a data breach in the past two years. Thirty percent of respondents say no one was held accountable, followed by those who say both the CEO and cybersecurity leader were held accountable for the breach. Thirty-six percent of respondents say the IT security leader should be held accountable for the data breach.


About the Provider

LogRhythm
LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled Security Operations Center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments.
