CISO role follows evolution of CIO and CFO, according to IBM study

IBM survey of security professionals finds more CISOs moving from technology roles into more strategic business ones

The role of the chief information security officer (CISO) is following the same direction as those of the CIO and chief financial officer (CFO), with a shift towards more strategic organisational responsibilities, according to research from IBM.

With 130 respondents, IBM’s Centre for Applied Insights survey found that 25% of security chiefs seem to be shifting from a purely technology-focused role into a business leadership one.

Martin Borrett, director of IBM Institute for Advanced Security Europe, said this shift is driven by events that have happened over the last 12-18 months.

“2011 saw several high-profile security incidents, so much so that it was named the year of the security breach. Coupled with new and more sophisticated attacks, this means ad hoc security methods are no longer acceptable. A more integrated and holistic approach is now needed, which is more business-centric,” he added.

According to IBM’s survey, nearly two-thirds of the CISOs questioned said their senior executives are now paying more attention to security than they were two years ago.

Borrett said: “Security is an evolving challenge that is constantly changing, so it is now discussed at boardroom level and is viewed as more important.”

IBM noticed three different types of leader in its security survey: the Influencer, the Protector and the Responder.

The ‘Influencer’ is what IBM calls senior security executives who influence business strategies and are, overall, more confident and prepared than their peers. The ‘Protector’ and ‘Responder’ are more technically mature and look for new technology to fill security gaps.

“Business professionals need to be adaptable. Adaptability is very important as new security attacks are always just around the corner. IBM looks for, and tries to develop, a ‘T’-shaped person - someone that has technical skills and knows how to apply them in different domains. We try to make the ‘T’ deeper at the bottom and broader at the top,” added Borrett.

More than half of the survey’s respondents cited mobile security as a primary technology concern over the next two years. In addition, two-thirds said they expect information security spend to increase over the next two years. Of those two-thirds, 87% anticipate a double-digit increase.

Borrett concluded: “Mobile security was a top technology challenge across all three group areas. There are many new challenges that come with mobile technology so it’s not surprising it’s at the top of organisations’ security list.”
