The risk posed by cybersecurity vulnerabilities has never been greater. As senior executives face greater accountability for cybersecurity risk from regulators, investors, and other stakeholders, FTI Consulting set out to build upon our inaugural CISO barometer – which surveyed CISOs and information security leaders on rising pressures on their roles, leadership, and operations – to better understand C-suite executives’ perceptions and expectations of their CISOs. While the initial survey uncovered a communications gap between CISOs and executives, these new findings indicate the perceived gap feels even greater to the C-suite.

Key Insights

Expectations of CISOs increase as companies remain vulnerable to cybersecurity threats

Incidents are increasing with 9 in 10 respondents claiming they have experienced a cyber incident in the last 12 months, and 87% of executives reported they have increased their CISOs’ decision-making power, likely to account for this rise in threats.

CISOs aren’t fully prepared to communicate with leadership.

One-in-three senior executives perceive their CISOs as being hesitant to raise potential vulnerabilities to leadership’s attention, with a similar proportion believing their CISO is making things sound more optimistic than they actually are.

Nearly four-in-ten execs feel their CISO is not completely prepared to communicate with key internal and external stakeholders, with more than one-third not fully prepared to communicate with leadership.

CISOs struggle to demonstrate key proficiencies to Execs.

31% of execs do not fully understand technical concepts used by the CISO.
58% of CISOs struggle to communicate technical language in a way senior leadership can understand (from 2022 CISO Survey).
62% of executives reported their CISOs’ direct communication skills do not exceed their expectations.
66% of CISOs feel senior leadership struggles to understand their role (from 2022 CISO Survey).

Execs support training programs for CISOs, with many citing it as an immediate need.

98% of execs support more funding for CISO communications and presentation training.
45% say there is an immediate need, especially for companies with more than 2,500 employees.
Executives say the biggest gaps to address in training are related to anticipating threats, raising employee awareness, communicating ROI, and cyber risk.

"The CISO Redefined research is a window into what our team sees as a common pain point in cybersecurity governance and management –no matter what geographical region the organization operates in– the CISO struggles to appropriately and confidently communicate with the Board and the C-suite. Given that cybersecurity continues to be a top risk and governance issue for organizations globally, I recommend all Directors, C-suite leaders and CISOs alike read this research to better understand how to find common ground and where the disconnects lie."
Meredith Griffanti
Global Head of Cybersecurity & Data Privacy Communications

CISOs' Challenges Communicating to Senior Leadership

Interestingly, both CISOs and C-suite executives recognize the misalignment and challenges facing the CISO role within an organization.

Feel senior leadership does not fully understand the CISO role within the organization.
Feel like they have to make things sound better than they really are in front of the board.
Struggle to communicate technical language to senior leadership in a way that they can understand.

To Close the Communications Gap and Address the Organization Risk, Executives Support CISO Communications Training

Support more funding—with many characterizing this as an immediate need for CISOs as part of their organization’s cybersecurity preparedness.

Top 5 Topics for CISO Communications Training

Strategies to Anticipate and Counteract Future Cyber Threats and Trends
Collaborative Approaches to Security Awareness Training for Employees
Methods for Quantifying and Communicating Cybersecurity Risks to Stakeholders
Guidance on Communicating Technical Information in a Clear and Precise Manner
Approaches to Building a Proactive and Adaptive Cybersecurity Culture

Methodology

FTI Consulting’s Digital & Insights team conducted an online survey among n=787 C-suite executives at organizations with 500+ employees across FTI’s key industries. The survey was conducted in November 2023. Previous research was conducted in 2022 among n=165 CISOs.

Global Regions

We collected data from 5 continents.

Including the United States, Latin America, Europe and APAC

Industry Sectors

We analysed FTI's key industries.

This includes Retail, Industrials, Healthcare & Life Sciences, Financial Services, Technology, Media & Telecomms, and more.

Annual Revenue

Connecting with global giants

$21.5 Trillion Sum Aggregate Revenue and $27 Billion Average Revenue

Large Employee Base

Exploring some of the world's biggest businesses

3,690,00 Total Employees and 4,700 Average Number of Employees

Dual Sector Analysis

Navigating both the public and private sector

59% of respondents came from the private sector with 41% from the public sector.

Business Leaders

Insight from key decision makers.

We spoke to CEOs, VPs, CFOs, C-Suite and Directors/Managers.

2022 Report

CISO: Communications Redefined

CISO: Communications Redefined – Navigating the Journey from Control Room to Board Room