Not ideal—that’s the takeaway from recent research about CISO candidates and their fitness for the boardroom.
A June report from IANS Research, Artico Search, and The Cap Group says only 14% of CISOs have four out of five traits considered by many to be important for the boardroom: infosec tenure, broad experience, scale, advanced education, and diversity.
A high percentage of the not-really-ready-for-the-shareholder-suite security officers presents a challenge for organizations as the Securities and Exchange Commission proposes rule changes that require boards to designate cybersecurity expertise.
“Boards are probably going to scramble to figure out how [to] make an existing member check the box, whether it’s someone who’s been the CIO or that is overseeing technology, but it’d be great over time if we see opportunities for true security professionals to step in and truly serve in the capacity, because they have the experience and the knowledge,” Erica Wilson, VP, global cybersecurity and privacy risk management at Reinsurance Group of America, told a crowd at RSA this year.
In March 2022, the SEC proposed mandating a disclosure of “cybersecurity expertise” on the board. According to the IANS data, some CISOs are more prepared than others.
The IANS and co. review of CISOs from companies listed on the Russell 1000 Index, pulled from publicly available sources and self-reported info, found:
- 33% are “strong” candidates, meeting three out of the five board traits and nearly all having served as CISO for at least five years. The group, however, has “notably lower percentages for diversity and cross-functional experience than the pool of ideal candidates.”
- 52% are “emerging” candidates, only holding one or two of the desired characteristics—frequently infosec tenure and scale.
For those in need of board traits, the report recommended brushing up on the “soft skills,” including engaging with the C-suite and board quarterly and understanding their challenges and priorities. Other report recommendations included investing in additional education like an MBA and trusted certifications from orgs like the National Association of Corporate Directors and major universities.
“Our data shows there is a large portion of the population of CISOs who could emerge as board-ready in the next several years. Both boards and CISOs would benefit from aligning on expectations for a board-ready cyber expert, preparing this CISO community aggressively to help meet long-term board needs,” said Steve Martano, a partner and executive recruiter in Artico Search’s cyber practice, in the report.