The evolution of a CISO: How the role has changed

In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.

With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt to meet the cyber challenges of the future?

The CISO’s role in the past

Steve Katz became the world’s first CISO when he took the position at Citicorp/Citigroup in 1995. From the beginning of his CISO journey, Katz realized that the role was not just an IT position; it was about serving the business by reducing risk. In the following years, other organizations added this new position, with the CISO reporting to the CIO in most organizational structures. While many CISOs recognized the true nature of their role, the rest of their organizations were often not on the same page.

In time, CISOs found themselves managing issues outside their organizations, such as building partnerships, working with suppliers and managing external data transmissions. However, many organizations felt the role still primarily remained in the IT realm, with the foremost responsibility of keeping the business from making headlines due to a major cybersecurity breach or attack. This meant that many CISOs mainly focused on complia ..

Support the originator by clicking the read the rest link below.