April 19, 2016 By Christophe Veltsos

This is the final installment in our three-part series on securing the C-suite. Be sure to read Part 1 and Part 2 for more information.

Chief executive officers (CEOs) are under intense pressure from all sides. From an economic perspective, areas that were once the domain of a few favored organizations are now ripe for disruption by newcomers. Indeed, according to IBM’s “Redefining Competition: Insights From the Global C-suite Study – The CEO Perspective,” CEOs believe technology is the chief external influence on their enterprises. More specifically, cybersecurity issues have crashed into the C-suite and the boardroom, and top leadership is under the spotlight when it comes to achieving an acceptable cyber posture.

Getting the CEO Involved in Security

A 2016 report from the IBM Institute for Business Value, “Securing the C-Suite: Cybersecurity Perspectives from the Boardroom and C-Suite,” provided valuable insights for CEOs about the dynamics within the C-suite and their impact on cybersecurity.

Chief among the findings of the report is the disconnect between the technological leaders (CIO, CISO and/or CRO) and the rest of the C-suite. CMOs, CFOs, CHROs and even CEOs are reported to be the least engaged when it comes to cybersecurity threat management activities. These executives often feel as though cybersecurity preparations didn’t include them in a functional approach, according to the report. CEOs were the most skeptical of all CXOs when asked whether the cybersecurity strategy of their enterprise was “well-established.”

While it could be tempting for the CEO to ignore these warning signs and leave them to the concerned parties to fix (i.e., the CIO/CISO/CRO on one side and the rest of the C-suite on the other), doing so would signal to the rest of the C-suite that cybersecurity isn’t much of a concern. As to the wisdom of such a stance, the number of CEOs who have lost their jobs — or quit voluntarily — after a major data breach speaks for itself.

CEOs cannot afford to be complacent about security, and that means everyone in the C-suite has a role to play. If there’s a disconnect, the CEO must send a clear signal that all parties are to work out their differences — or in some cases their indifference — to own up to their responsibilities and help lead the organization toward a healthier cybersecurity posture.

Collaborating for Success

In its “Exploring the Inner Circle: Insights From the Global C-Suite Study” report, IBM found that “the ability to collaborate is the most important factor” and that “how the members of the C-suite collaborate is as significant as the extent to which they collaborate.”

An accompanying report shed light on three specific sets of collaborations within the C-suite that resulted in top-performing organizations: the CEO-CIO-CMO relationship, the CEO-CFO-CMO relationship and the CEO-CFO-CHRO relationship.

Beyond those relationship triangles, the selection of the CISO and placement of this role within the organization is also going to have a significant impact on the nature of the conversations around cybersecurity.

How should CEOs proceed to tackle cybersecurity? The “Securing the C-Suite” report provided key recommendations, including striving to “make cybersecurity an intrinsic part of business processes and decisions.” Building security into the organization and then having the CEO remain involved is critical to a business’s long-term success.
