This is the final installment in our three-part series on securing the C-suite. Be sure to read Part 1 and Part 2 for more information.

Chief executive officers (CEOs) are under intense pressure from all sides. From an economic perspective, areas that were once the domain of a few favored organizations are now ripe for disruption by newcomers. Indeed, according to IBM’s “Redefining Competition: Insights From the Global C-suite Study – The CEO Perspective,” CEOs believe technology is the chief external influence on their enterprises. More specifically, cybersecurity issues have crashed into the C-suite and the boardroom, and top leadership is under the spotlight when it comes to achieving an acceptable cyber posture.

Getting the CEO Involved in Security

A 2016 report from the IBM Institute for Business Value, “Securing the C-Suite: Cybersecurity Perspectives from the Boardroom and C-Suite” provided valuable insights for CEOs about the dynamics within the C-Suite and their impact on cybersecurity.

Chief among the findings of the report is the disconnect between the technological leaders (CIO, CISO and/or CRO) and the rest of the C-suite. CMOs, CFOs, CHROs and even CEOs are reported to be the least engaged when it comes to cybersecurity threat management activities. These executives often feel as though cybersecurity preparations didn’t include them in a functional approach, according to the report. CEOs were the most skeptical of all CXOs when asked whether the cybersecurity strategy of their enterprise was “well-established.”

While it could be tempting for the CEO to ignore these warning signs and relegate them to the concerned parties to fix (i.e., the CIO/CISO/CRO on one side and the rest of the C-suite on the other), doing so would signal to the rest of the C-suite that cybersecurity isn’t much of a concern. As to the wisdom of such a stance, the number of CEOs that have lost their jobs — or quit voluntarily — after a major data breach speaks for itself.

CEOs cannot afford to be complacent about security, and that means everyone in the C-suite has a role to play. If there’s a disconnect, the CEO must send a clear signal that all parties are to work out their differences — or in some cases their indifference — to own up to their responsibilities and help lead the organization toward a healthier cybersecurity posture.

Collaborating for Success

In its “Exploring the Inner Circle: Insights From the Global C-Suite Study” report, IBM found that “the ability to collaborate is the most important factor” and that “how the members of the C-suite collaborate is as significant as the extent to which they collaborate.”

An accompanying report shed light on three specific sets of collaborations within the C-suite that resulted in top-performing organizations: the CEO-CIO-CMO relationship, the CEO-CFO-CMO relationship and the CEO-CFO-CHRO relationship.

Beyond those relationship triangles, the selection of the CISO and placement of this role within the organization is also going to have a significant impact on the nature of the conversations around cybersecurity.

How should CEOs proceed forward to tackle cybersecurity? The “Securing the C-Suite” report provided key recommendations, including striving to “make cybersecurity an intrinsic part of business processes and decisions.” Building security into the organization and then having the CEO remain involved is critical to a business’s long-term success.

More from CISO

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…

Laid Off by Big Tech? Cybersecurity is a Smart Career Move

Big technology companies are laying off staff as market conditions change. The move follows a hiring blitz initially triggered by the uptick in pandemic-powered remote work — according to Bloomberg, businesses are now cutting jobs at a rate approaching that of early 2020. For example, in November 2022 alone, companies laid off more than 52,000 workers. Companies like Amazon and Meta also plan to let more than 10,000 staff members go over the next few years. As noted by Stanford…