Study shows: Many CISOs in a dual role

March 10, 2024

Check Point found that CISOs increasingly need to balance IT and business strategy

A survey of security leaders commissioned by Check Point® Software Technologies Ltd (NASDAQ: CHKP) and conducted by International Data Corporation (IDC) shows that the role of CISO has increasingly become a job that combines multiple leadership roles. Conducted in November 2023, the global survey of 847 security leaders in 17 countries aimed to better understand their roles, responsibilities and the realities they face in their work. The responses show that the role of the CISO is changing, as today’s IT leaders have a dual responsibility: as head of IT security and as business overseer.

The survey also showed that the role of the CISO today is different than people think. A common misconception is that a CISO’s only job is to assess risks and develop, manage and execute security programmes to protect the business. This is no longer the case. The survey results show that security practices must be fully aligned with business and innovation initiatives. This requires CISOs to align strategic business requirements with technical practices.

The key findings of the IDC survey:

  • Strategic thinking: CISOs think strategically about business objectives, security technologies and security architectures. The IT landscape consists of networks, clouds and multiple endpoints, so ensuring resilience against complex cyber attacks is a comprehensive strategic process.
  • Expanding the CISO role: On closer inspection, CISOs actually do more than two jobs at the same time: CISOs not only have to protect the company, they are now also legal and compliance advisors, risk managers, auditors, customer support managers and chief communicators.
  • CISOs and CIOs: The relationship between CISOs and CIOs is much more complex than often realised. Although CISOs and CIOs want to work together, they do not always agree on IT and security priorities. For example, CISOs and CIOs have different views on what role a CISO can play in strengthening the resilience of organisations.

What CISOs need to bring to the table today and in the near future

Both CISOs and CIOs were asked what they consider to be the most important tasks and responsibilities of a CISO. When asked what strengths and skills a CISO should have, 12 per cent each responded that “awareness and understanding of the latest cyber security threats” and knowledge of “IT architecture and technical skills” were most important. However, just as many respondents were in favour of other skills: “leadership and team-building skills” were close behind at ten per cent and “business management skills” at eight per cent.

When asked “How do you think your role will change the most in the next 12 to 24 months?”, 39 per cent of security leaders suggested that a “further focus on traditional security tasks” will be the priority for CISOs. In contrast, the second most common answer, at 33 per cent, confirms the emerging trend: respondents predict an “expansion of the role as a company leader in the area of ‘trust’ (including security, risk and compliance)”.

Comments on the study:

Cindi Carter, Global CISO, Check Point:
“As a long-time CISO from start-ups to large enterprises, this survey confirms many of my experiences. Being a CISO is a very demanding role that is constantly evolving. As a security officer, you need to have a comprehensive understanding of the business, technologies, legal and regulatory aspects and strategic direction, while dealing with increasingly sophisticated cyber attacks. I believe this survey will inspire my CISO colleagues, knowing that we share many of the same insights and challenges, no matter where they are in the world.”

Frank Dickson, Vice President Cybersecurity Product Programme, IDC:
“Although I work as an analyst in the cybersecurity industry, the results surprised me, especially the complex relationships CISOs have within their organisations. The survey results confirm and refute what we thought about the CISO role and how far it has evolved.”

Kristin Owens, VP Corporate Marketing, Check Point:
“We are very proud to have co-commissioned this important study with IDC. This groundbreaking study confirms what security and IT leaders around the world think about their role, their responsibilities and the reality of their work. It confirms that CISOs have evolved from security leaders to key drivers of business growth. Whether you’re a CISO, CIO or other business or technical leader, there’s something for everyone to learn
