June 8, 2013 By Marc van Zadelhoff < 1 min read

During the last year, we did a lot of thinking about the role of the CISO, including a major survey we posted. As we embark on our next round of research I wanted to share a summary of how we see the Chief Security Officer role evolving. See below:

CISO Role Today CISO+ Role in Future
CISO’s Background
  • CISOs come from varied backgrounds
  • Often inherited the role
  • Moved up through the IT or business ranks
  • Some are hired from outside to create public perception
  • Proven track record to lead during a crisis
  • Knows how to take risks
  • Ability to manage & communicate clearly and concisely to upper management / Board
  • Heavy on business skills  / Lighter on technical skills
Reporting Line
  • CISOs typically reports to CIO; typically a layer in between CISO and CIO
  • Some CISOs report to COO
  • CISO+ reports directly to CIO
  • Have  responsibility for; Strategy, Policy, Ops, Compliance, Crisis Management
Level of Authority
  • Not always viewed as a key decision maker
  • Seldom an actual executive role
  • Often tactical and reactive
  • Transformational leader
  • Sr. level executive
  • Combined role of IT Risk Officer & CISO
  • Responsible for Initiatives & Ops
  • Strategic & pro-active
Areas of spend / Budget responsibility
  • Majority of budget directed at maintenance projects to keep current initiatives running
  • Other spending on pro-active initiatives and reactive projects
  • Majority of budget spending will be on transformational initiatives
  • Budgets should be a percent of the Enterprise budget since all functional groups have security requirements
Scroll to view full table

What do you think?  Do you agree with the role today and how it will evolve to a strategic role in the future?

As I mentioned, the IBM Client Insights team will be completing our second CISO survey soon. We’ll incorporate your comments in to that work!

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today