CISOs on job market could benefit from breach experience, report says

Chief information security officers might not consider it a badge of honor to have presided over a data breach. But many organizations are prioritizing hiring CISOs with experience in managing them.
By Benjamin Harris
10:27 AM

As awareness of the critical importance of cybersecurity has grown across healthcare, so has cognizance of the fact that vulnerabilities aren't going away – and may only be on the increase. With it has come the rise of the chief information security officer, as a key strategic leader for health organizations that understand the value of their data.

WHY IT MATTERS
That might explain one notable finding of a new report from security vendor Optiv, which finds that many health organizations are not only willing but would prefer to hire a chief information security officer who has experienced a data breach.

Most organizations' cybersecurity literacy has spread broadly beyond the CISO rank to most of the executive class. Because of the major financial, privacy, and publicity damage that security breaches can cause, preventing them has now become a top-tier priority for businesses.

While security has in the past been hampered by the "speed of business," respondents said that a better understanding of the importance of cybersecurity has led to greater alignment between CISOs and business leaders.

In fact, Optiv found that seasoned cybersecurity professionals fared particularly well: 58% of those polled said that having experienced a data breach made them more desirable as hires.

Despite the advances in the profession, many of the biggest and most basic security functions are still left wanting.

Optiv found that most CISOs weren’t worried about the need to scan for and patch network vulnerabilities, even though unpatched software is still a major cause of breaches.

CISOs ranked highly the need to educate employees on proper security practices, and to promote security along with development.

THE LARGER TREND
With cybersecurity threats becoming ever more elaborate and inflicting ever greater damage, it isn’t surprising to see numbers that show CISO roles vaulting in importance.

Knowing which guidelines are most current or being able to stay one step ahead of sophisticated cybercriminals is becoming an increasingly valuable commodity in executive suites.

As the importance of network security continues to be paramount for any healthcare system, the role of CISO is certain to remain crucial. In fact, the Optiv report says the potential for a CISO to be named CEO is high, given their ability to understand the business demands of cybersecurity.

ON THE RECORD
"With the rise of the data breach epidemic, and the imposition of comprehensive privacy regulations like the EU’s General Data Protection Regulation and the California Consumer Privacy Act, cybersecurity has become a tier-1 business risk – and, as a result, the CISO’s role has changed dramatically," said researchers in the report. "Combined with CEOs being held accountable by boards for cybersecurity issues, this has helped to elevate some CISOs to a level commensurate with CIOs and other C-level executives.

"Some organizations are farther along this evolutionary curve than others," they added. "There still are many that keep CISOs relegated to their traditional technical roles, but others view the CISO as an important part of next-generation digital transformation and other business initiatives, because they know that major security or compliance miscues can derail the business."

Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media.
Twitter: @BenzoHarris.