IBM Study Reveals Critical Shift in the Role of Chief Information Security Executives Globally
Analysis of 130+ interviews presents a new class of security chiefs; CISO role follows the evolution of CIO and CFO with more strategic organizational responsibilities
May 3, 2012
ARMONK, N.Y., May 3, 2012 /PRNewswire/ -- A new IBM (NYSE: IBM) study reveals a clear evolution in information security organizations and their leaders with 25 percent of security chiefs surveyed shifting from a technology focus to strategic business leadership role.
In IBM's first study of senior security executives, its Center for Applied Insights interviewed more than 130 security leaders globally and discovered three types of leaders based on breach preparedness and overall security maturity. Representing about a quarter of those interviewed, the "Influencer" senior security executives typically influenced business strategies of their firms and were more confident and prepared than their peers—the "Protectors" and "Responders."
Overall, all security leaders today are under intense pressure, charged with protecting some of their firm's most valuable assets – money, customer data, intellectual property and brand. Nearly two-thirds of Chief Information Security Executives (CISOs) surveyed say their senior executives are paying more attention to security today than they were two years ago, with a series of high-profile hacking and data breaches convincing them of the key role that security has to play in the modern enterprise. More than half of respondents cited mobile security as a primary technology concern over the next two years. Nearly two-thirds of respondents expect information security spend to increase over the next two years and of those, 87 percent expect double-digit increases.
Rather than just reactively responding to security incidents, the CISO's role is shifting more towards intelligent and holistic risk management– from fire-fighting to anticipating and mitigating fires before they start. Several characteristics emerged as notable features among the mature security practices of "Influencers" in a variety of organizations:
"This data painted a profile of a new class of CISO leaders who are developing a strategic voice, and paving the way to a more proactive and integrated stance on information security," said David Jarvis, author of the report and senior consultant at the IBM Center for Applied Insights. "We see the path of the CISO is now maturing in a similar pattern to the CFO from the 1970s, the CIO from the 1980s – from a technical one to a strategic business enabler. This demonstrates how integral IT security has become to organizations."
Recommendations to Evolve the Security Role in an Enterprise
For example, those "Responders" in the earliest stage of security maturity can move beyond their tactical focus by establishing a dedicated security leadership role (like a CISO); assembling a security and risk committee measuring progress; and automating routine security processes to devote more time and resources to security innovation.
"Security in a hyper-connected era presents a new set of challenges, but these can be greatly eased by implementing innovative practices and adopting a more integrated, holistic approach," said Marc van Zadelhoff, an author of the report and vice president of Strategy, IBM Security Systems. "CISOs that prioritize these factors can help their organizations significantly improve business processes and achieve measurable success in their progress toward building a risk-aware culture that is agile and well-equipped to deal with future threats."
About the Assessment
To access the full study, visit ibm.com/smarter/cai/security.
About IBM Security
For more information on IBM security, please visit: www.ibm.com/security.
|Powered by MediaRoom|