April 19, 2016 By Christophe Veltsos 2 min read

This is the final installment in our three-part series on securing the C-suite. Be sure to read Part 1 and Part 2 for more information.

Chief executive officers (CEOs) are under intense pressure from all sides. From an economic perspective, areas that were once the domain of a few favored organizations are now ripe for disruption by newcomers. Indeed, according to IBM’s “Redefining Competition: Insights From the Global C-suite Study – The CEO Perspective,” CEOs believe technology is the chief external influence on their enterprises. More specifically, cybersecurity issues have crashed into the C-suite and the boardroom, and top leadership is under the spotlight when it comes to achieving an acceptable cyber posture.

Getting the CEO Involved in Security

A 2016 report from the IBM Institute for Business Value, “Securing the C-Suite: Cybersecurity Perspectives from the Boardroom and C-Suite” provided valuable insights for CEOs about the dynamics within the C-Suite and their impact on cybersecurity.

Chief among the findings of the report is the disconnect between the technological leaders (CIO, CISO and/or CRO) and the rest of the C-suite. CMOs, CFOs, CHROs and even CEOs are reported to be the least engaged when it comes to cybersecurity threat management activities. These executives often feel as though cybersecurity preparations didn’t include them in a functional approach, according to the report. CEOs were the most skeptical of all CXOs when asked whether the cybersecurity strategy of their enterprise was “well-established.”

While it could be tempting for the CEO to ignore these warning signs and relegate them to the concerned parties to fix (i.e., the CIO/CISO/CRO on one side and the rest of the C-suite on the other), doing so would signal to the rest of the C-suite that cybersecurity isn’t much of a concern. As to the wisdom of such a stance, the number of CEOs that have lost their jobs — or quit voluntarily — after a major data breach speaks for itself.

CEOs cannot afford to be complacent about security, and that means everyone in the C-suite has a role to play. If there’s a disconnect, the CEO must send a clear signal that all parties are to work out their differences — or in some cases their indifference — to own up to their responsibilities and help lead the organization toward a healthier cybersecurity posture.

Collaborating for Success

In its “Exploring the Inner Circle: Insights From the Global C-Suite Study” report, IBM found that “the ability to collaborate is the most important factor” and that “how the members of the C-suite collaborate is as significant as the extent to which they collaborate.”

An accompanying report shed light on three specific sets of collaborations within the C-suite that resulted in top-performing organizations: the CEO-CIO-CMO relationship, the CEO-CFO-CMO relationship and the CEO-CFO-CHRO relationship.

Beyond those relationship triangles, the selection of the CISO and placement of this role within the organization is also going to have a significant impact on the nature of the conversations around cybersecurity.

How should CEOs proceed forward to tackle cybersecurity? The “Securing the C-Suite” report provided key recommendations, including striving to “make cybersecurity an intrinsic part of business processes and decisions.” Building security into the organization and then having the CEO remain involved is critical to a business’s long-term success.

More from CISO

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today