SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New research finds 93% of security leaders don’t report to the CEO
Wed, 23rd Jun 2021

New research from LogRhythm finds that 93% of security leaders don't report to the CEO.

Security company LogRhythm has released a new report, Security and the C-Suite: Making Security Priorities Business Priorities, which finds that while 60% of organisations have experienced a cyberattack in the last two years and spend approximately $38 million on security activities, only 7% of security leaders report to the CEO.

Despite this, 42% of respondents say the IT security leader should be the one held accountable for preventing or mitigating the consequences of a cyberattack.

The research was based on a global survey of 1,426 chief information, technology, and security executives, and aimed to gain a deeper understanding of the role and responsibilities of today's cybersecurity leaders, and also the challenges faced with creating a strong security posture.

Respondents to the research were located in the United States, EMEA, and Asia-Pacific.

Cybersecurity leaders say that while they've assumed more accountability and risk, they find it difficult to achieve the desired security posture. They say this is because they aren't seen as influential or valued members of their peer group.

Sixty percent of respondents believe the cybersecurity leader should report directly to the CEO, as it would create greater awareness of security issues throughout the organisation. However, because the majority of security leaders are only three steps away from the CEO, only 37% of respondents say their organisation values and effectively benefits from the expertise of the cybersecurity leader.

“While security leaders are assuming more responsibility than ever before, they lack the necessary organisational visibility and influence to effectively build and mature their security programs,” says LogRhythm chief security officer, James Carder.

“Comprehensive cybersecurity programs are integral to the success of an organisation. This research should spur CEOs to take accountability for safeguarding their organisation's sensitive information, prioritise the security program by elevating the security leader, and ensure inroads between security decision-makers, the C-suite and the board.”

According to LogRhythm, the significant increase in employees working remotely due to COVID-19 has created large security challenges for IT security leaders. It says these challenges are here to stay as enterprises adopt a hybrid work strategy to accommodate a distributed workforce, creating increased risk to sensitive and confidential information.

Some new security issues resulting from remote work practices:

  • 73% of respondents say less secure home networks are used by employees in their organisation. 
  • 68% of employees and contractors believe the organisation is not monitoring their activities. 
  • 67% say a family member uses a work device. 

On top of these challenges, 54% of respondents are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a major culprit. More than half of respondents say senior leadership does not understand their role, and another 51% of respondents believe that they lack executive support.