C-suite execs often see CISOs as cybersecurity scapegoats

Almost half of C-level executives throughout all industries lack confidence in their chief information security officer (CISO), often viewing him or her as a scapegoat when data breaches occur, according to a recent survey.

Security vendor ThreatTrack surveyed 200 C-level executives for the report, and found that 75 percent of respondents didn't think CISOs deserved to be part of an organization's leadership team.

Respondents in the healthcare sector were particularly harsh when grading CISOs on performance. Only 8 percent of respondents in the industry gave their CISOs an "A" grade. Fifty-four percent of healthcare respondents, however, said their CISO would be successful in another leadership role.

Often, a CISO works under the chief information officer at a company, the survey found, with 70 percent of CISOs reporting to their CIO. That number also was high (69 percent) in the healthcare industry.

However, these views could change as increasing cybersecurity attacks--the latest of which is a breach at UCLA Health that could impact 4.5 million--cause the role of the CISO to become more prominent in healthcare.

The healthcare security problem also highlights the changing roles of CIOs and CISOs. That includes to whom a CISO should report.

For CISOs to gain more respect from their colleagues, they should assert themselves in the corporate structure and improve communication on their decisions and accomplishments throughout the organization, the survey's authors say.

To learn more:
- here's the survey