There is rising demand for security experts in companies, with both IT directors (CIO) and chief security officers (CSO) making it a priority to secure their enterprise from potential cyber attacks, according to IDG’s 2015 CIO/CSO Partnership survey.
Security has become a priority as enterprises are defending against a growing number of security breaches and dedicating resources to comply with industry regulations.
Although a majority of CIOs (77%) strongly believe that hiring someone as CSO eases the task of focusing on security, not all organizations have employed security officers (CSO). In the survey, only 50% of CIOs stated that their organizations employ a CSO.
Even though there is a disconnect, security conversations are still taking place. Nearly two-thirds (65%) of CIOs said they meet with their CSO/CISO at least weekly, and 78% of CSOs/CISOs agreed. These conversations are in addition to formal strategy sessions to discuss security concerns and technology initiatives that CIOs and CSOs said occur at least monthly.
The main issues discussed during these meetings include audit issues and findings, mitigating existing and emerging risks, compliance issues, and building security into new technology solutions.
“As businesses realize the benefits technologies can deliver, they are also coming to terms with the risks associated with those technologies,” said Bob Bragdon, publisher of CSO. “The CIO and CSO relationship is at the epicenter for helping organizations meet their full potential while mitigating risk.”
Despite an increasingly collaborative relationship, the differing roles and priorities of CIOs and CSOs create room for security concern, says the report. The greatest problem with IT security is that security decisions are being made after business decisions. But some CIOs say they discuss security concerns throughout the purchase process of new solutions, with a focus on security at the beginning when they are determining technical requirements (81%) and evaluating products and services (80%).
“Security impacts almost every aspect of a business, and its importance within technology continues to rise,” said Adam Dennison, senior vice president and publisher of CIO. “Having business leaders like the CIO and CSO work together to protect potential vulnerabilities and educate [line of business] colleagues is crucial. The fact that security considerations are ingrained in the technology purchase process from the beginning is a strong step toward ensuring organizational assets and reputation are protected against potential incidents.”