New IDC survey confirms how far CISOs have evolved

Savvy security leaders must enable the business and protect their organizations. 

In November 2023, IDC conducted an extensive global survey of 847 security leaders across 17 countries to better understand their roles, responsibilities, and realities on the job. Responses confirmed that the CISO role is evolving as CISOs straddle dual duties as cyber security leaders and business enablers.

The survey also showed today’s CISO role is much different than you might think. Many might believe a CISO’s sole responsibility is to assess risks and to develop, manage, and execute security programs to protect the organization. That is no longer the case. Survey responses showed that security practices must align with business and innovation initiatives. The modern CISO can capably balance strategic business needs with technical practice tactics.

Digital transformation is one ingredient that has necessitated the agility needed by CISOs. Connectivity via the internet, while boosting business growth, has also opened the doors for advanced cyber attacks. Cyber security is a top business priority, and the CISO must keep an organization’s assets safe.   

Other key IDC survey insights: 

  • Strategic thinking: CISOs think strategically about business goals and security technologies and architectures. Today’s landscape consists of networks, clouds, and assorted endpoints, and providing resilience to sophisticated cyber attacks is an all-consuming strategic process. 
  • Expanding CISO role: In addition to being business enablers and guardians, CISOs, as they mature, become legal and compliance advisors, risk managers, auditors, customer support leaders, and chief communicators. CISOs are extremely concerned with the inflationary impact on the budget rather than staffing.
  • CISOs and CIOs: The CISO-CIO relationship is much more complex than most believe. Though aligned to work together, CISOs and CIOs are not always on the same page regarding IT and security priorities. For example, CISOs and CIOs have diverging opinions on the role a CISO may play in business resiliency. 

Strategic thinking   

Following is a sample response to a selected survey question:

Strategic skills are most important for a CISO

Several questions surveyed CISOs and CIOs on what they believe are the chief CISO roles and responsibilities. In response to “Thinking about strengths and skills that a CISO should possess, which of the following are most important?”

Figure 1: This is a partial list of responses

Expanding CISO role

Security executives are looking to drive business initiatives

In response to “What is the most important way you see your role evolving over the next 12-24 months?”

“As a practicing CISO from start-ups to enterprise organizations for many years, this survey validates many of my experiences. Being a CISO is an extremely challenging, continuously evolving role. As the security leader, you need to have a broad understanding of the business, technologies, regulatory and legal considerations, and strategic focus while contending with increasingly sophisticated cyber attacks. I believe this survey will inspire my fellow CISOs to know that we share many of the same insights and challenges no matter where they’re located around the world.” – Cindi Carter, Global CISO, Check Point   

CISOs and CIOs

CIO and CISO priorities are not aligned

In response to the following: “What are the CISOs’ areas of top priority with IT? What are the CIOs’ areas of top priority in working with cybersecurity?”

Figure 2: This is a partial list of responses

CISOs are most focused on cybersecurity and vulnerabilities. CIOs are focused on seeking faster response times from IT, ensuring business continuity and resilience, and minimizing disruption, which are not on CISOs’ radar.

“Even though I’ve been an analyst covering the cybersecurity sector, I was surprised by the results, particularly the complex relationship CISOs have within their organizations. The survey insights really confirm and dispel what we believe about the CISO role and how far it has evolved.” – Frank Dickson, Program VP Cybersecurity Products, IDC

In summary

“We are extremely proud to have commissioned this important research with IDC,” said Kristin Owens, VP of Corporate Marketing, Check Point. “This landmark survey helps cement what security and IT leaders around the globe believe about their roles, responsibilities, and realities on the job. It confirms that CISOs have evolved from a security head to also being a key enabler of business growth initiatives. Whether you’re a CISO, CIO, or other business or technical executive, there are takeaways for everyone.”
