Shifting Regulations and Emerging Threats Cause Nearly a Third of CISOs to Consider Leaving Their Roles

A new Devo and Wakefield Research survey found that 66% of CISOs have taken action to protect themselves from legal fallout

Devo Technology, the security data analytics company, today unveiled the results of a new study examining the evolving role of the CISO and their sentiments toward the shifting threat and regulatory landscape. The survey found that new regulations, such as the U.S. Security and Exchange Commission’s (SEC) cybersecurity rules, have caused CISOs to reconsider their roles and take action to protect themselves should they find themselves involved in legal trouble.

The survey, conducted by Wakefield Research on behalf of Devo, demonstrates that many CISOs feel uneasy about emerging regulations and new threats and also feel there is a general lack of understanding about the CISO role.

CISOs Eye the Exit and Focus on Protecting Themselves
Respondents to the survey reported they felt the pressure of their roles mounting on them. More specifically:

  • Nearly one in three (32%) of the CISOs surveyed think about leaving their roles because of the constantly changing threat and regulatory environment.
  • A strong majority (66%) have taken action to protect themselves, with 52% of the respondents saying they obtained an indemnification agreement with their organization to ensure the company covers the costs of defending against any potential lawsuits or investigations.
  • Furthermore, 47% of respondents asked their organizations to provide personal liability insurance or other cyber liability policies, while 31% sought outside legal counsel to protect themselves.

Recommended : Key Insights Into The Utility Of AI In The College Application Process

The SEC Cybersecurity Rules in Focus
The regulatory landscape constantly shifts, with new country- and industry-specific regulations emerging regularly. The SEC cybersecurity rules are the latest and most-discussed rules recently implemented, and CISOs have poignant thoughts about them:

  • 54% of the survey respondents said they were not very prepared to comply with the new SEC rules, especially those at companies with 2,500 or more employees (61%).
  • CISOs admit to struggling with the SEC rules due to issues relating to internal alignment between departments (30%) and their ability to gather data from different departments (27%).

Split Reporting Structures and CISO Role Ambiguity
The survey found that not all CISOs have a direct line to the CEO. Additionally, the survey shed light on how CISOs felt the role was perceived across their organizations and what CISOs’ top priorities are going forward:

  • Over half (53%) of respondents report to their CIO or other IT leaders, while 44% report to their CEO. The survey found that those who reported to the CEO were more likely to struggle to comply with the SEC rules (97%) than those who reported to the CIO or other IT leaders (37%).
  • Over 60% of respondents reported that their organization is failing to communicate the CISO role, with a quarter of the respondents sharing that they think their organization doesn’t place enough emphasis on the importance of cybersecurity when speaking about the CISO role to the broader organization.
  • As CISOs navigate these challenges, the respondents were clear on their top three needs to do their jobs effectively, with 69% of CISOs focused on security technology integration, 68% on security strategy and governance, and 58% on legal compliance and collaboration.

“The CISO role is notoriously ambiguous, as security needs can vary greatly from one organization to another,” said Devo CISO Kayla Williams. “New regulations and threats are causing many to pause and reflect on whether they want this job and, if they do, how they can protect themselves. However, CISOs should look at emerging rules and regulations as an opportunity to advocate for what they need to do their jobs effectively.”

atest HRtech Interview Insights HRTech Interview With Lavonne Monroe, VP Of Global Talent Acquisition And Onboarding At HPE

[To share your insights with us, please write to psen@itechseries.com ]