The risk posed by cybersecurity vulnerabilities has never been greater. As senior executives face greater accountability for cybersecurity risk from regulators, investors, and other stakeholders, FTI Consulting set out to build upon our inaugural CISO barometer – which surveyed CISOs and information security leaders on rising pressures on their roles, leadership, and operations – to better understand C-suite executives’ perceptions and expectations of their CISOs. While the initial survey uncovered a communications gap between CISOs and executives, these new findings indicate the perceived gap feels even greater to the C-suite.
Key Insights
Expectations of CISOs increase as companies remain vulnerable to cybersecurity threats
Incidents are increasing with 9 in 10 respondents claiming they have experienced a cyber incident in the last 12 months, and 87% of executives reported they have increased their CISOs’ decision-making power, likely to account for this rise in threats.
CISOs aren’t fully prepared to communicate with leadership.
One-in-three senior executives perceive their CISOs as being hesitant to raise potential vulnerabilities to leadership’s attention, with a similar proportion believing their CISO is making things sound more optimistic than they actually are.
Nearly four-in-ten execs feel their CISO is not completely prepared to communicate with key internal and external stakeholders, with more than one-third not fully prepared to communicate with leadership.
CISOs struggle to demonstrate key proficiencies to Execs.
31% of execs do not fully understand technical concepts used by the CISO.
58% of CISOs struggle to communicate technical language in a way senior leadership can understand (from 2022 CISO Survey).
62% of executives reported their CISOs’ direct communication skills do not exceed their expectations.
66% of CISOs feel senior leadership struggles to understand their role (from 2022 CISO Survey).
Execs support training programs for CISOs, with many citing it as an immediate need.
98% of execs support more funding for CISO communications and presentation training.
45% say there is an immediate need, especially for companies with more than 2,500 employees.
Executives say the biggest gaps to address in training are related to anticipating threats, raising employee awareness, communicating ROI, and cyber risk.
CISOs' Challenges Communicating to Senior Leadership
Interestingly, both CISOs and C-suite executives recognize the misalignment and challenges facing the CISO role within an organization.
To Close the Communications Gap and Address the Organization Risk, Executives Support CISO Communications Training
Top 5 Topics for CISO Communications Training
Methodology
FTI Consulting’s Digital & Insights team conducted an online survey in November 2023 among n=787 C-suite executives at organizations with 500+ employees across FTI’s key industries. Previous research was conducted in 2022 among n=165 CISOs.
Global Regions
Industry Sectors
Annual Revenue
Large Employee Base
Dual Sector Analysis
Business Leaders
2022 Report
CISO: Communications Redefined – Navigating the Journey from Control Room to Board Room