As cyber security becomes an increasingly important issue in all industries, so does the role of the chief information security officer (CISO). In 2015, 79 percent of businesses detected a security incident, and there has been a 110 percent increase each year in denial-of-service cyberattacks.
Data breaches are putting a dent in businesses’ bottom line, to the tune of an average consolidated total cost of $4 million with each incident. That’s why companies are bolstering their information security. Global spending on cyber security is expected to reach $101 billion by 2018, according to Gartner.
CISO is an Evolving Role
Increased investment in information security means a higher demand for senior-level cyber security professionals. The chief information security officer (CISO), sometimes referred to as the chief information officer (CIO), is the highest ranking cyber security executive and is responsible for establishing and maintaining the enterprise strategy and processes that protect information assets.
The CISO is quickly emerging as an essential role, as 61 percent of companies now have someone in that position. Likewise, the cyber security salary for a CISO is up 9 percent from a year ago. The average cyber security salary for a CISO rose from $203,000 in September 2015 to $220,000 in February 2016.
The CISO may be the fastest-growing C-suite position, but it is a complicated one. The path to leadership in cyber security isn’t based on technical skills alone. As a PwC report says: “Cyber risk is more than an information technology issue; it’s a business issue.”
Therefore, CISOs must possess operational and leadership skills to augment their technical expertise. As members of the C-suite, CISOs are responsible for making business decisions about security risks and bridging the gap between technical detail and organizational impact.
The person in the role must manage IT personnel and communicate effectively with key executives and stakeholders. Thus, soft skills such as critical thinking, leadership acumen, written and verbal communication and the ability to forge partnerships are vital.
What are the Qualifications for a CISO Role?
Companies prefer CISO candidates who have at least 10 years of IT experience, as well as three to five years’ leadership experience. A master’s degree is beneficial, particularly if the program provides business and management training.
This training teaches the essential soft skills that can differentiate an IT manager from a CISO. A master’s degree provides cyber security professionals with that vital advantage.
Despite the expanded responsibilities and the obvious importance of the role, CISOs are often considered secondary to other executives. Bob West, Chief Trust Officer at CipherCloud, believes that this is a dangerous misconception: “The role grows in importance with every security breach and security vulnerability identified. The threats have been much more aggressive and range from nation states to criminal organizations.”
To find out how to climb the career ladder towards your coveted CISO position, view our free infographic “How to Become a Chief Information Security Officer.” It is your step-by-step guide to progress from bachelor’s graduate to cyber security C-suite executive.
CISO is Finding Prominence in the C-Suite
As the newcomer to the executive suite, the CISO role is redefining traditional operating structures.
Currently, in larger organizations many CISOs report to the company’s CIO, not the CEO, while smaller organizations tend to have one executive perform both the CISO and CIO roles. ThreatTrack, a company that specializes in threat intelligence, malware analysis and advanced threat defense, surveyed 200 U.S. C-level executives and found that 55 percent of CISOs report to the CIO, while 40 percent report to the CEO. Even in industries commonly targeted by cyberattacks, the same reporting structure is prevalent: finance (53 percent), media (60 percent), retail (54 percent) and healthcare (69 percent).
However, there are indications this structure is shifting rapidly. International Data Corporation (IDC) research predicts that 75 percent of CISOs will report directly to the CEO by 2018. Salaries are rising in response, with SilverBull reporting a cyber security salary range of $126,000 to $311,000 for CISOs across the U.S.
As data breaches and the cost of data security mount, future CISOs will likely hold a pivotal and prominent role in any C-suite.