Light Dark
February 5, 2015 By Rick M Robinson 2 min read
CISO

As hacking attacks escalate, demanding media attention and costing businesses hundreds of millions of dollars, organizations are fighting back. Above all, they are learning to treat information security not just as a technical problem, but an ongoing challenge that extends across the enterprise.

Chief information security officers (CISOs) are emerging as the crucial players in the evolving understanding of security. Indeed, when the history of information security in the 21st century is written, the current era may well be recorded as the decade of the CISO.

The CISO and Growing External Threats

The changing role of information security in the enterprise is being driven by business leaders’ recognition of a rapidly evolving threat.

For the past three years, IBM has published its annual Chief Information Security Officer Assessment, which tracks CISOs’ perceptions of threats and how their organizations are responding. The most recent survey shows how external threats (hacking attacks) have pulled away and taken the lead from other security concerns.

The most recent high-profile attack on Sony Pictures Entertainment exemplifies the scope of this external threat. Risks are not confined to the most obvious potential victims, such as retailers, who must protect millions of customer account records. Any and all intellectual property is at risk of being compromised. The attackers may be motivated by financial gain, including extortion by threat of data destruction. Their motives can also extend to political causes or be sponsored by state intelligence agencies.

Security as a Policy Issue

Such ruthless and sophisticated attackers pose an existential threat to the enterprise. In response, as Brian Engle and Renee Guttman report at CSO Online, CISOs are being asked to provide technical knowledge and policy guidance. According to the National Association for Corporate Directors, “Cybersecurity is an enterprise-wide risk management issue, not just an IT issue.”

Engle and Guttman identify three key issues that enterprise leaders should consider in their security planning. They need to consider CISO access to top decision-makers and the overall governance of the security policy. They must also focus on training the next generation of security leaders, with emphasis on engaging board members and other key stakeholders.

Finally, while security breaches are driving headlines, enterprises cannot let headlines drive their security policies. Security must be proactive, not reactive to the most recent crisis.

Information security threats will continue to evolve, and the role of the CISO will evolve along with them. By bringing the CISO into the strategic discussion, enterprise leaders can keep their security framework pointing forward.

Download the IBM Report: Cybersecurity perspectives from the boardroom and C-suite

 |  |  | 
Rick M Robinson

More from CISO
December 30, 2024

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

December 13, 2024

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

December 11, 2024

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature