Beenu Arora is the cofounder and CEO of Cyble, which provides fast and reliable Gen-3 threat intelligence solutions.
The role of the chief information security officer (CISO) has transformed dramatically in recent years—and it's enough to overwhelm even the most seasoned professional.
The CISO now bears the weight of protecting sensitive data, maintaining customer trust and safeguarding the company's reputation. At the same time, the frequency and sophistication of cyberattacks continue to rise. Verizon's annual Data Breach Investigations Report revealed a staggering 30,458 security incidents and 10,626 confirmed breaches last year—more than twice as many as there were in 2022 and a sobering reminder of the trials CISOs face daily.
This reality, plus the ongoing trend of giving the CISO authority over anything related to technology and security, has increased the pressure of the job. Joe Sullivan, the former chief security officer (CSO) of Uber who was convicted of federal charges after covering up a 2016 data breach, now runs his own security consultancy. His clients no longer ask him, "How do I become a CISO?" but rather, "Do I really want the job?" It's a question that speaks volumes about the state of a prestigious role.
That hesitation stems from the growing realization that the threat landscape now makes failure almost inevitable, regardless of how experienced or skilled a CISO may be. If CISOs aren't shown the door, they'll eventually burn out and quit.
This is an untenable situation for one of the most influential leaders in an organization. So, what's the solution? Companies must start by proactively supporting and empowering their CISO.
Changes In The CISO Role
The increasing number of cyberattacks is far from the only thing keeping CISOs up at night. Recent developments in the regulatory landscape and the rapid emergence of new technologies have added further layers of pressure to an already high-stakes role.
First, new U.S. Securities and Exchange Commission (SEC) regulations went into effect in December that require CISOs to disclose "material cybersecurity incidents" at publicly traded companies. Even if that breach occurs because of organizational failures and not a CISO's faulty decision making, the SEC can hold CISOs personally liable.
Additionally, the rapid emergence of artificial intelligence (AI) carries inherent tradeoffs. Although it is poised to transform cybersecurity by enabling faster threat detection and response, it also provides bad actors with new tools that allow them to launch more sophisticated attacks.
It's no wonder that more than 80% of CISOs recently classified themselves as "highly stressed," according to a Vendict survey, and that 30% of CISOs reported that stress had compromised their ability to perform in their roles. They're confronting obstacles that they never could have anticipated not too long ago.
Factors like these have led to a phenomenon known as the "CISO carousel," which is characterized by high turnover rates and short tenures among CISOs. Another study from Proofpoint shows that 53% of CISOs acknowledged feeling burnt out and that 66% believe they face excessive expectations.
This constant churn can harm your company's cybersecurity posture, as new CISOs need time to familiarize themselves with the organization's unique security needs before they can implement effective strategies.
And these are just some of the reasons why you must give them the tools to succeed.
Supported CISOs Are A Difference-Maker
You must arm your CISO with adequate budgets, a skilled staff and advanced threat intelligence tools that include real-time threat detection and dark web monitoring to remain vigilant against all sorts of dangers.
You should also back your CISO by facilitating strong relationships with corporate leadership and close collaboration with departments such as IT, legal, human resources and public relations. These teams will help your CISO coordinate a swift and effective response to a security incident and can relieve the pressure on a CISO who feels personally at fault when something goes awry.
And when CISOs are feeling stressed, you must prioritize their mental well-being. This can involve providing access to mental health resources and support, encouraging work-life balance and promoting stress management techniques. You don't just want to keep CISOs in their jobs—you must ensure they have the mental and emotional resilience to excel.
By taking a holistic approach to supporting your CISO, you can help them blossom and better protect your employees, customers and brand against cyberattacks.
Giving CISOs The Security They Need
As soon as your company understands that its success correlates directly with the CISO's, your overall security posture will improve.
Fortunately, the Proofpoint survey showed that 84% of CISOs believe their board members agree with them on cybersecurity issues and that 86% of employees understand their role in protecting the organization. It's a highly important role—and it's becoming more highly regarded, too. But recognition alone is not enough.
By providing unwavering support, giving your CISO the requisite tools and resources and fostering a culture of shared responsibility for cybersecurity, your company can build a resilient defense against even the most determined adversaries.
The alternative—failing to have your CISO's back—is a risk no organization can afford to take.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.