The Evolving Risks and Roles of CISOs in 2016
Chief Information Security Officers (CISOs) are charged with more responsibility than ever before: maintaining the enterprise vision while ensuring technology assets are protected. In “CISOs Identify the Biggest Security Challenges as They Enter 2016,” Security Current sheds light on the top-of-mind issues affecting CISOs today.
IT security vendors are wise to recognize and capitalize on emerging trends:
The Risks for CISOs
Many issues that Chief Information Security Officers faced in 2015 will carry into 2016. Last year, CISOs were confronted with an abundance of cyberthreats and data breaches, affecting banking, healthcare, government, media, telecommunications, and other industries.
Major trends—from big data to the Internet of Things (IoT) to mobile to the cloud—only made threats more sophisticated. Meanwhile, data privacy laws now call for stronger safeguarding practices and security protocols.
“While some CISOs operate world-class security programs, many are still struggling with achieving and maintaining regulatory compliance and aligning their program to business goals,” says Terrence Weekes, CISO at DJO Global. “The year 2016 will likely yield greater awareness of cybersecurity risks within executive and board ranks, and that awareness should drive CISOs to develop more appropriately-funded security programs that are threat-aware and business-focused.”
In 2016, CISO predictions suggest there will be a rise in the following investments:
- Risk mitigation programs
- Integrated threat intelligence and analysis
- Cyber-attack detection technologies
- Incident response tools
- Cloud service solutions and protections
- Cloud security software
- Cybersecurity insurance or cyber liability insurance
For example, a trigger in the DiscoverOrg platform from January 2016 indicates: “IBM has announced the acquisition of IRIS Analytics, a fraud software and consulting company, to support plans to integrate the company’s machine-learning technology into IBM’s Counter Fraud Management Suite.”
Expect to see more companies turning toward cloud services, security systems and hyper-convergence technologies.
According to a DiscoverOrg trigger from October 2015: “Microsoft sources indicate an interest in multiple initiatives to support enterprise content management (ECM) efforts, including business process management, cloud storage, document capture and conversion, document management, Hybrid/On-Premise ECM, data collection, web content management, and software as a service (SaaS) ECM initiatives.”
IBM Cloud & SaaS Operational Services CISO David Cass says, “Analytics and cognitive capabilities will see rapid growth as organizations look at their big data for new insights.”
Trends suggest that data and analytics will be a top focus in 2016.
The Roles of CISOs
Collectively, Chief Information Security Officers have a wide range of ranks and responsibilities, which can make selling into IT challenging.
In some organizations, CISOs are top-level leaders with supreme buying power.
“The CISO of 2015 has been expected to be a business leader, IT leader, finance leader, and an excellent people influencer and navigator,” says James Carpenter, CISO at Texas Scottish Rite Hospital for Children.
In other companies, CISOs are not the head buyers; such tasks are delegated to their teams. Some even report to higher-level executives and do not possess absolute decision-making discretion.
“The CISO role will be elevated in the organization. The old model of having the CISO report to the CIO will come under increased scrutiny and more and more organizations will transition to Board level visibility of security and risk topics,” says DocuSign CISO Vanessa Pegueros.
The balance between CIO and CISO purview and purchasing power can be somewhat blurred. As an added barrier for IT sales and security vendors, DiscoverOrg triggers indicate high CIO and CISO turnover…
Yet, companies that have both roles continue to make information security a priority. DiscoverOrg’s triggers predict a continued investment in IT security leadership and personnel.
“Heading into 2016, I would recommend that security executives—CISOs—within the organization do a deep dive on the security tools, protocols and practices used by their third party providers,” says Farhaad Nero, Bank of Tokyo-Mitsubishi Vice President of Enterprise Security.
Chief Information Security Officers at Fortune 500 companies will be spending billions on new initiatives in 2016. For insight on CISO decision makers and their priorities, download DiscoverOrg’s CISO Contacts at Fortune 500 Companies.
Thank you to all of the executives who contributed to Security Current’s “CISOs Identify the Biggest Security Challenges as They Enter 2016”:
- Joe Adornetto, CISO, Quest Diagnostics
- Roota Almeida, Head of Information Security, Delta Dental of New Jersey
- Bret Arsenault, CISO, Microsoft
- Devon Bryan, VP, Global Technical Security Services (CISO), ADP
- Paul Calatayud, CISO, Surescripts
- James Carpenter, CISO, Texas Scottish Rite Hospital for Children
- David Cass, CISO, Cloud & SaaS Operational Services, IBM
- Daniel Conroy, CISO, Synchrony Financial
- Gary Coverdale, CISO, County of Napa
- Grace Crickette, Special Administrator, San Francisco State University, CFO Division
- Darren Death, CISO, ASRC Federal
- Todd Fitzgerald, Global Director Information Security (CISO), Grant Thornton International
- Gene Fredriksen, Global ISO, PSCU
- David Hahn, CISO, Hearst
- Brian Kelly, CISO, Quinnipiac University
- Marty Leidner, CISO, The Rockefeller University
- Brian Lozada, CISO, Abacus Group, LLC
- Michael Mangold, Director of Information Security, Tractor Supply Company
- Vickie Miller, CISO, FICO
- Farhaad Nero, VP Enterprise Security, Bank of Tokyo-Mitsubishi UFJ, Ltd.
- Pritesh Parekh, CSO, Zuora
- Vanessa Pegueros, CISO, DocuSign
- Wayne Proctor, CISO, FLEETCOR
- Joel Rosenblatt, Director, Computer and Network Security, Columbia University
- Anthony Scarola, EVP, Director of Information Security (CISO), TowneBank
- David Sheidlower, CISO, Global Media & Advertising Firm
- Terrence Weekes, CISO, DJO Global