Only 1 in 7 security chiefs report to the CEO
While 82% of company boards worldwide are concerned or very concerned about cybersecurity, few security chiefs report directly to the CEO, according to a study by ISACA and RSA Conference.
The global study of security industry professionals shows that only 14% of CISOs report to their CEO, and 7% report to the board, indicating a continuing gap between the beliefs and actions of board members in terms of cybersecurity.
Instead, 63% of CISOs report to the CIO, the research shows. The report states that this is an “unfortunate” reporting structure, as it positions security as a technical issue rather than a key business concern.
Yet 74% of security professionals expect to be cyberattacked in 2016, and 30% experience phishing attacks every day.
In addition, only 75% of respondents were confident in their team’s ability to detect and respond to security incidents, down from 87% in 2014. Even among this 75%, six in 10 don’t believe their staff can handle anything beyond simple cybersecurity incidents.
Finding the talent to increase preparedness is a major issue, with 56% of security leaders stating that fewer than half of job candidates are considered ‘qualified upon hire’, and 26% needing six months to fill a cybersecurity position.
“The lack of confidence in current cybersecurity skill levels shows that conventional approaches to training are lacking,” ISACA Chief Knowledge Officer Ron Hale said.
“Hands-on, skills-based training is critical to closing the cybersecurity skills gap and effectively developing a strong cyber workforce.”