The ascent of the CISO


The ascent of the CISO

Cyber everywhere. Succeed anywhere.

The chief information security officer (CISO) of the present is a different breed from that of the past. It has rapidly changed from a technology-oriented position to a business leadership-focused one, and it is an evolutionary process that is far from over.

By Sir Rob Wainwright | May 3, 2019

Explore Content


Just as the scale and seriousness of the cyber threat facing businesses has evolved in recent years, so too has the role of the chief information security officer (CISO). Cyber aggressors, including hostile states, organised crime gangs and lone hackers have become more numerous, focused and sophisticated. The methods at their disposal have become more innovative, varied and destructive.

Many businesses, but by no means all, have adjusted to this more hostile cyberspace. Those that have adapted have re-modelled their short-term tactical procedures and long-term strategies to improve their defences. They have invested in the latest detection and prevention software. They have got better at responding to breaches and getting operations back to normal as soon as possible. And they have elevated their CISOs, giving them more authority and more budget.

Cyber security is now being dealt with higher up the corporate ladder. In many cases, the CISO has become a close peer of the chief information officer (CIO). The role now demands business leadership as well as information security and technical skills, and the CISO is now being seen as a business partner not just a business protector.

The CISO’s department has become a much bigger cost centre than it ever was, and therefore has to demonstrate value for money. The argument has to be made that high security expenditure will, by reducing the incidence and severity of attacks, save the company money in the long run. If this argument is accepted, the CISO will be seen as a money saver.

Some companies, such as certain telecommunications and defence companies, have developed such sophisticated and effective security that they are able to sell their solutions to other companies and have spun off separate business to do so. In these cases the CISO has become a money maker, and thereby a good friend of the chief executive and finance director.

However, the rise of the CISO and is far from over. Strong cyber security is the foundation for a resilient company. With effective cyber risk management, businesses can achieve smarter, faster and more connected futures, driving business growth. As the cyber threats to business increase, the role of the CISO will become even more important.

Expand a section to learn more

It is fascinating to see how the position of CISO has evolved, from being a cost generator, to a value protector and, in certain cases, to a value adder. Different companies are at different stages of the evolutionary process, depending on a variety of factors such as management foresight, industry sector and country of operation. With a dynamic landscape such as cyber it calls for a new breed of cyber security leaders and there must be a continued acceleration of the CISO role in order to adapt to the ever-changing, cyber environment.

More information

Would you like to know more about the article and the evolving role of the CISO? Please contact Rob Wainwright via contactdetails below.

Did you find this useful?