Luke Vile, cybersecurity expert at PA Consulting, discusses the role of the chief information security officer and CISOs’ top concerns for 2020.
The article notes that the global cybersecurity industry is growing rapidly. Market researchers at IDC believe spending in the sector will reach almost $134 billion by 2022. The industry also employs just short of a million people in the US alone, according to Cyberseek. There are currently around 500,000 unfilled jobs in the sector. At the head of that vast – and growing – army of specialists in many large organizations is the chief information security officer, or CISO. But growing numbers of smaller organizations are appointing CISOs, too. CISOs are also increasingly likely to report directly to the board, or to sit on the board themselves. And the CISO is the guardian of one of the business’s most important assets: data.
Luke says that most CISOs work in medium to larger businesses, but this is changing. CISOs are most likely to work in companies with 250 or more workers. “As a result of the digital economy, CISOs are found more widely across all sectors, both private and public.” CISOs are also more common in highly regulated industries, including finance and the utilities, as well as tech-focused start-ups.
Luke continues: “The most common misconception is that a CISO should come from a highly technical – for example software and coding – background. Many CISOs’ primary responsibility is to deliver a strategic security programme across their organisation. Although a breadth of security and technical insight and knowledge is required to deliver a security programme, a deep-rooted background and individual expertise in software security is not necessary.”
Regarding top concerns for 2020, Luke points to ongoing regulatory pressures.
One thing is clear: the CISO’s job is valuable and can be rewarding – but it will never be easy.