Structural limitations to improvement
Taking over the cybersecurity chief function is not only about particular person abilities, the way in which many firms are structured retains mid-level security leaders from getting the expertise they’d want to maneuver right into a CISO function. Myers factors to a number of systemic issues that make efficient succession planning robust.
“For lots of circumstances, the CISO function for the highest job remains to be fairly assorted inside the group, whether or not they’re reporting to the CIO, the CFO, or the CEO,” she explains. “That limits the strategic visibility and affect, which signifies that the quantity two doesn’t actually get the chief publicity or board-level engagement wanted to actually step into that function.”
The problem will get worse due to the way in which firms are arrange, in accordance with Myers. CISOs typically oversee a variety of tasks, threat, compliance, governance, distributors, information privateness and disaster administration. However cyber groups are normally lean and cut up into slim capabilities, so most deputies solely see a bit of the image. That restricted view makes it onerous for them to be seen as actually prepared for the highest job.
