Along with conventional info security obligations, similar to security operations, security engineering, GRC, and utility security, many CISOs now oversee enterprise danger features, together with danger and compliance, third-party danger administration, catastrophe restoration, and product security. “Practically 30% even have possession over elements of the IT stack, together with IT compliance, IT operations, or networking,” the survey of 662 CISOs discovered.
Cybersecurity marketing consultant Brian Levine, a former federal prosecutor who serves as government director of FormerGov, says CISOs can’t be anticipated to deal with all the pieces that touches cybersecurity that nobody else needs.
“Enterprise CISOs aren’t simply burned out; they’re boxed in. The title retains rising, however the affect doesn’t all the time comply with,” Levine says. “The fashionable CISO isn’t simply operating a security program anymore. They’re operating a geopolitical, regulatory, and enterprise‑vast danger portfolio. The scope has exploded so quick that the function is outpacing what anyone particular person can moderately personal.”
