Survey: CISOs Still Fighting for Respect from the C-Suite

Maksim Kabakou/

CISOs might be in charge of defending their organization against cyberattacks, but C-level executives appear to have little respect for them, according to a recent survey.

Despite serving as an organization’s primary line of defense against the increasingly pervasive threat of a cyberattack, the position of chief information security officer is widely misunderstood and undervalued by C-level executives, according to a recent survey.

The report, which polled more than 200 executives at organizations with CISOs, was conducted by ThreatTrack Security, a cyber-defense firm. More than half of the survey respondents said they didn't think these security officials should have a say in one of the most influential aspects of their work -- deciding what cybersecurity tools to purchase.

At the same time, only a small minority of respondents -- 26 percent -- said CISOs should be part of an organization's senior leadership team, according to the report.

Even so, a clear majority of executive said they think security officers should still be held responsible internal data breaches. 

The contradictory opinion of wanting to give these security officials little authority, but blaming them when problems arise, could be simply a case of misunderstanding, according to the survey.

The role of CISO is less than a decade old, so many C-level executives may not yet have a clear understanding of where and how they fit in their organization, the authors of the report accompanying the survey results surmised.  

“Confusion about the role indicates that organizations must do a better job of understanding and elevating a position that is vital in the fight against cybercrime,” the study stated.

The lack of respect for these security officials' decision-making ability could also be a result of C-level executives viewing them as specialists instead of management experts, the report explained. 

When the survey asked whether “CISOs typically possess broad awareness of organizational objectives and business needs outside of information security,” about two-thirds of respondents did not agree. A small percentage of them even went so far as to say that a decision made by a security official had had a negative effect on their organization’s bottom line.

And only about a quarter of those polled said they think CISOs are having an important positive influence on day-to-day security.

When the poll converted all of these factors into a single letter grade, only about a quarter of the poll’s respondents awarded their CISO an A. About 72 percent gave their CISOs a B or a C.

(Image via Maksim Kabakou/