I’m asking this question because even as financial service businesses recognize the centrality that cybersecurity must play in their operations, a recent survey released by the Financial Services Information Sharing and Analysis Center (FS-ISAC) indicates that CEOs remain resistant to having their Chief IT person report directly to them. In fact, according to the 2018 survey of Chief Information Security Officers, just 8% of all cybersecurity heads at financial service businesses report directly to the CEO.
This is a real head-scratcher to me since we’ve seen numerous examples, such as the breach of Equifax, of reputations destroyed and companies damaged as a result of cybersecurity mishaps. Reporting structures are not changing even as a majority of CISOs report to their Board of Directors at least quarterly, sometimes more. Perhaps it’s time for Boards to emphasize baseline technical knowledge as one of the attributes they look for in their top leadership. Not everyone needs to be Bill Gates, but it is increasingly important for organizational leaders to know what questions to ask.