2022 saw a shift in responsibility for chief information security officers (CISOs). Coalfire's second State of CISO Influence report explores the expanding influence of CISOs and other security leaders.
The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. Fifty-six percent of CISOs present security metrics to their CEOs, up from 43% in 2021.
Cloud migration was universally identified as one of those top business objectives. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing and new compliance requirements — all within constrained budgets. Forty-three percent of security leaders said their budgets remained static or were reduced following business migration to the cloud.
To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.
The full findings are available in Coalfire's State of CISO Influence report.