CISOs, don't underestimate the importance of soft skills
There is increasing importance on Chief Information Security Officers (CISOs) having and developing the skill of emotional intelligence, according to a new report from F-Secure in conjunction with Omnisperience.
Traditionally, CISOs roles were treated as technical roles first, with secondary importance placed on non-technical skills. However, the new report suggests that this idea is quickly becoming obsolete.
The AES Corporations CISO Emeritus Scott Goodhart, who was interviewed for the report, says, “For companies, the technical aspects related to cybersecurity risks have become indistinguishable from other business risks.
"It just doesn’t make sense to treat attacks as only an IT or cybersecurity problem if they can potentially cost companies thousands or hundreds of thousands of dollars due to downtime, extortion payoffs, stolen intellectual property, etc.
"In a way, technical-only CISOs have become a thing of the past and replaced by a role that's explicitly relied on to address risk in a much broader, holistic way for organisations.”
The report states that two-thirds of CISOs interviewed understood the increasingly important role emotional intelligence plays in helping them understand, empathise, and negotiate with people inside and outside their organisation a key requirement given their expanding responsibilities.
In addition, three quarters of CISOs interviewed for the report indicated that their roles have changed from a pure focus on network risk to cover every aspect of technology now being deployed, with the changes being most pronounced to CISOs working in healthcare, manufacturing, and retail.
The report also found that most CISOs felt secure in their position at the time they were interviewed; slightly more than a third were considering leaving their position or changing professions.
Two-thirds of interviewed CISOs spent significant amounts of time with external communities of interest, such as CISO roundtable discussions.
Regulations and privacy were increasing responsibilities for over half of interviewed CISOs, and 65% of interviewed CISOs saw themselves as critical to their business.
F-Secure executive vice president of managed detection and response Tim Orchard says, "Today, CISOs are expected to understand and mitigate a wide variety of risks, and then relay that information regardless of how technical it is to everyone, from boards and company employees to external security professionals, regulators, and even law enforcement."
Orchard says, "The shift to relying more on soft skills began years ago. However, the pandemic highlighted how CISOs that proactively work with people inside and outside their organisations can be leaders for their companies.”
The report, CISOs New Dawn, is based on a series of in-depth interviews with 28 CISOs from the US, UK, and other European countries.