Altrata: 2023 US Chief Information Security Officer (CISO) Report (English edition) (20 pages)
2023 Spotlight: CISOs in the US
Thought leadership

Delinian Limited and its affiliated companies. August 2023. This publication is for your information only and is not intended as an offer, or a solicitation of an offer, to buy or sell any product or other specific service. All information and opinions indicated are subject to change without notice.

James Lavell, Chief Executive Officer
Richard Green, Chief Commercial Officer
Mark Hevey, Senior Vice President and Global Head of Sales, Professional Intelligence
Michael Phillips, Vice President, Marketing and Communications
Amanda Cifone, Senior Marketing Director
Maya Imberg, Senior Director, Head of Thought Leadership and Analytics
Nikoletta Szabo, Associate Analyst, Thought Leadership and Analytics
Stephanie Warburton, Director of Visual Communications
Dawn Lastre, Visual Communications Coordinator

The significance of the chief information security officer (CISO) has increased markedly over the past decade and the role is now considered essential to any organization. The CISO has to manage a balance between keeping an organization's data and systems safe while maintaining forward strategic momentum and keeping up with innovation. William O'Hern, SVP and CISO at Travelers (previously at AT&T), sums up the three pillars of the CISO role as: “mission, threat and innovation. These factors collectively provide balance to security leaders who seek to optimize their protection architecture and associated policies, programs and practices [1].”

This concise report shares direct insights from CISOs as they address these challenges. Using Boardroom Insiders' unique, in-depth profiles of today's executive leaders, this study's insights span more than 440 individuals in CISO or equivalent roles at Fortune 500 [2] companies; we also draw on BoardEx's unique and proprietary Global Leadership Database. We take a deeper look into CISOs' professional and educational backgrounds, interests and business priorities to provide a holistic view of the individuals who fulfill this important role.

[1] William O'Hern, March 2022, Prioritizing spending when setting a cybersecurity budget, AT&T company blog. (Mr O'Hern was previously Global Chief Security Officer at AT&T)
[2] A list of the 500 largest companies by revenue that are either US incorporated or authorized to conduct business in the US and for which data is publicly available, published annually by Fortune magazine.

Key takeaways

The CISO must be able to balance risk with opportunity. The role entails coping with acute pressures, given the need to support innovation and corporate progress at the same time as protecting an organization from constantly evolving cyber threats.

The need to innovate and promote growth were CISOs' top priorities at the midpoint of 2023. We found that 55% of these CISOs were focusing on innovation, while around a third were prioritizing the customer experience, growing the enterprise business and scaling technology infrastructure.

Travel and sports are among CISOs' most popular pastimes and interests. These align with the hobbies of other top-ranking C-suite executives, while mentoring and volunteering also feature in the list.

In common with other senior leadership roles, there is a significant gender imbalance, with only 16% of CISO positions held by women. At around 52 years old, the typical CISO is a little younger than leaders in the C-suite, likely due, in part, to the specific technical requirements of the role.

CISOs often have professional backgrounds in the government and military. As well as the more typical training grounds for C-suite executives, such as consultancies, the US Army, Navy and Air Force are among the top former employers of CISOs. West Point is one of the most common alma maters, along with Arizona State University and the University of Maryland, College Park. When it comes to senior-level experience, half of all current CISOs have held a senior role in technology at some stage in their careers.

Altrata | 2023 Spotlight: CISOs in the US

The rise of the CISO

The role of the CISO, which not long ago would have been regarded as a novelty, has increased in importance as businesses have digitalized and cybersecurity has become a significant concern to virtually every organization [3]. The CISO is tasked with looking to the future as a member of the business's strategic senior or leadership team [4]. At the same time, they must work in close collaboration with members of the C-suite (often the chief information officer), to design an information security program to safeguard organizational data and systems, and maintain a rigorous level of vigilance for the possibility of external cyber attack.

In 2021, the number of data breaches in US companies climbed by 68% to 1,862, costing an average of $4.2m each [5] (notwithstanding reputational damage). In 2022, the number of such breaches held steady at slightly more than 1,800 [6].

Accepting and balancing risk is vital in this role. Steve Hendrie, CISO at Hershey, said: “Along with having a strong IT team by your side, you must have a good understanding of the business as well as know-how to take a balanced approach between risk and opportunity [7].” The support of the senior leadership team and internal recognition of the unusually acute pressures on the role are essential.

[3] Ken Steinhardt 2022, “The rise and importance of the Chief Security Information Officer,” Forbes, April 1, 2022.
[4] Corporate leadership teams are sometimes referred to as the C-suite, executive committees or management boards. They usually include executive directors, the most prominent of which is the CEO, as well as a corporation's top layer of management.
[5] IBM Security 2022, Cost of a Data Breach Report 2022.
[6] Ani Petrosyan 2023, “Annual number of data compromises and individuals impacted in the United States from 2005 to 2022,” Statista, April 1, 2023.
[7] Steve Hendrie 2020, The ever-evolving information security and business IT landscape, Enterprise Security (via Boardroom Insiders).

Balancing risk with opportunity is a vital aspect of the role.

Today's CISOs

Who are the leading Fortune 500 CISOs of today and what are their characteristics as a group? Here we look at this cohort of individuals, examining their demographics, personal interests, professional experience and educational backgrounds.

Gender, age and hobbies of current Fortune 500 CISOs
Proportion of men: 84%
Average age*: 52
Top five hobbies: 1. Travel; 2. Technology; 3. Mentoring; 4. Volunteering; 5. Sports (general)
*Due to greater precautions around what is put in the public domain, average age data was based on a more limited sample.
Sources: Boardroom Insiders and BoardEx, Altrata companies, July 2023

Gender and age

In common with leadership positions [8], the gender imbalance in the role remains substantial, with only 16% of CISO positions currently held by women. This is better than the 10% share of female Fortune 500 CEOs, but almost on a par with that of CFOs, of whom women account for around 18% at Fortune 500 companies. To increase the number of female CISOs, organizations will likely need to provide greater internal support and change their recruitment and career development practices for managers and people of influence [9].

The average age of a Fortune 500 CISO is 52 years. This is younger than the average age (56) of the Fortune 500 leadership team (the C-suite) as a whole. The CISO role is not typically included in the leadership team, which may explain the younger average age. However, it might also reflect a younger demographic among CISOs, who have gained their experience in more nascent technology fields. There is also a lack of publicly available data in this regard as CISOs tend to be substantially less visible than most members of the leadership team, often by design.

Hobbies

Some of CISOs' favorite hobbies are travel and sports, popular interests that are shared with other senior executives [10]. Mentoring and volunteering also appear in the list. Technology features highly, which is not surprising given the requirements of the role.

[8] See Altrata, Global Gender Diversity 2023.
[9] Accenture Cybersecurity Forum Women's Council 2022, Rising to the Top: how inclusive hiring practices strengthen cybersecurity and resilience.
[10] See Altrata, Global Gender Diversity 2023.

CISOs' top interests align with those of other top-ranking C-suite executives, but CISOs are typically a little younger.

Professional experience and educational background

What sort of professional and educational backgrounds do Fortune 500 CISOs come from? Here we look at their career histories at the senior level and identify their most common former employers and higher education institutions.

Senior professional experience

Many CISOs have previously held a senior role on a board, leadership team or as part of senior management. In fact, around half of current Fortune 500 CISOs (51%) have held senior roles in technology at some stage in their careers. The fact that not all CISOs have accrued senior-level experience is likely due to the more recent recognition of the role's importance. Senior roles in finance come a distant second (at 11%), indicating the added value of financial know-how in cybersecurity planning. Government experience (8%) is the only other category with a share greater than 3%, indicating the significance of regulatory knowledge and experience to the CISO role.

Functional experience
Proportion of Fortune 500 CISOs' senior-level experience by functional area, at the executive board, leadership, and senior management level
Technology: 51%
Financial: 11%
Government: 8%
Operations: 3%
Others (academic, private equity, marketing, sales, HR and legal): 2%
Note: The data should not add up to 100%. Multiple experiences were possible per type and across functional areas. Data is not shown for CEO, CFO and private equity and IPO experience as the proportion with experience was very low.
Source: BoardEx, an Altrata company, July 2023 (Discovery platform)

Interestingly, around 15% of Fortune 500 CISOs are employed in consultancy or advisory roles (sometimes under the “CISO-as-a-service” model), overwhelmingly by privately owned companies (93%), indicating the high current levels of concern around cybersecurity issues. In contrast, when C-suite leaders do act as advisors, this tends to be to charities, clubs and educational organizations rather than the private sector (often to avoid conflicts of interest).

Advisory roles
Proportion of Fortune 500 senior executives who serve as an external advisor, in addition to their core role
CISOs: 15%
Leadership team members*: 11%
93% of whom have advisory roles at privately owned organizations
77% of whom have advisory roles at educational organizations, charities or clubs
31% of whom have advisory roles at privately owned organizations
*Corporate leadership teams are sometimes referred to as the C-suite, executive committees or management boards. They usually include executive directors as well as a corporation's top layer of management.
Note: Advisory roles do not include non-executive director roles. Some CISOs have multiple advisory roles.
Source: BoardEx, an Altrata company, July 2023

Previous employers

It is apparent that military and government experience provide a strong background for cybersecurity leadership. The US Navy, Army and Air Force all feature on the list of previous employers, as does the US Department of Defense. In addition, many well-known consulting companies, such as PwC, EY, Booz Allen Hamilton and the technology-focused IBM, count today's Fortune 500 CISOs among their former staff. Further down the list, finance employers, such as Citigroup and JPMorgan Chase, demonstrate that a strong grasp of the budgetary implications of digitalization and major enhancements to cybersecurity programs at large complex organizations carries significant weight in positioning candidates for the CISO role.

Former employers
Top eight organizations ranked by the number of former employees who are current Fortune 500 CISOs
1. US Army
2. PwC
3. US Air Force
4. EY
5. US Department of Defense
6. US Navy
7. Booz Allen Hamilton
8. IBM
Source: Boardroom Insiders, an Altrata company, July 2023

The US Army, Navy and Air Force are among the top former employers of CISOs.

Military and government experience are seen as strong backgrounds for cybersecurity leadership.

Alma maters

CISOs have a markedly different set of educational alma maters than senior executives in the leadership team. In fact, not one of the top 15 universities for S&P 500 C-suite executives features on our list for CISOs [11]. Common universities attended by current CISOs are Arizona State, the University of Maryland, College Park and George Washington, which all have highly rated cybersecurity programs. The US Military Academy at West Point also features, again underlining the connection between military training and cybersecurity leadership.

Alma maters
Top six universities ranked by the number of alumni who are current Fortune 500 CISOs
1. Arizona State University
2. University of Maryland, College Park
3. George Washington University
4. Penn State
5. Johns Hopkins University
6. US Military Academy, West Point
Note: Does not include executive education.
Source: Boardroom Insiders, an Altrata company, July 2023

[11] See Altrata, Global Gender Diversity 2022.

CISOs tend to come from universities that are different from the typical alma maters of senior executives in the leadership team.

Leading strategic priorities

The CISO is under competing pressure to support innovation and corporate progress while protecting their organization from constantly evolving cyber threats. In 2022, Latha Maripuri, CISO at Uber, said: “Redefining the strategic priorities for a modern CISO means focusing on several emerging responsibilities: partnerships, collaboration, innovation, and preparing for the future [12].” In this section, through our analysis of the CISOs at Fortune 500 companies, we uncover their main focus areas and leading strategic priorities.

Strategic priorities
Top eight business priorities for current Fortune 500 CISOs (proportion of individuals)
Chart labels: Growth strategy; Customer retention and engagement; Initiative; Innovation; Cloud; Customer experience; Scaling technology infrastructure; Inflation; Growth; Automation; Acquisitions; Operational excellence and agility; Digital transformation
Chart values: 55%, 36%, 31%, 28%, 25%, 22%, 20%, 19%
Note: Multiple priorities are possible and likely, so the proportions do not add up to 100%. The proportions refer to known business priorities so, in theory, the numbers could be slightly higher (though not lower).
Source: Boardroom Insiders, an Altrata company, July 2023

A number of other areas (outside of the top eight shown above) also carry specific weight with today's executives. Automation, for example, is creeping up the agenda for CISOs. Bret Arsenault, CISO at Microsoft, admitted in November 2022 that the “shortest resource I have is human capital”. Arsenault sees his role as moving towards the more efficient use of those resources through technology: “Automation is the only way - the only way you can do things is figure out how you can get double the scale with half the resource [13].” In February this year, Doug McMillon, President and CEO of Walmart, emphasized the ability of CISO-supervised technological advancement to combat adverse economic conditions and take advantage of an uplift when it comes [14].

These and other priorities mirror the range of pressures and demands on the CISO and give a clear insight into how individuals are approaching the job.

[12] Latha Maripuri 2022, Reinventing Cybersecurity, Chapter 1, JupiterOne (via Boardroom Insiders).
[13] Bret Arsenault, November 2022, Digital Now Microsoft video series (via Boardroom Insiders).
[14] C. Douglas McMillon, February 2023, Walmart earnings call (via Boardroom Insiders).

The need to innovate

Innovation is the strongest imperative for CISOs in current market conditions, with 55% of incumbents focusing on this, almost 20 percentage points above the second highest priority. What is clear about the cybersecurity environment is that, perhaps more than any other aspect of digitalized business, it is evolving constantly and at speed. “Everybody is on this journey, figuring out what they need to do and how fast they need to do it,” Amanda Cody, CISO at Booz Allen Hamilton, said earlier this year. “We're in the cybersecurity space across industries. What do we need to do to support and enable a resilient business [15]?”

While this oppositional, competitive aspect to cybersecurity innovation is a significant source of pressure for CISOs, it is also part of what makes the job interesting and professionally rewarding. The CISOs who succeed in the role (and, by definition, succeed in innovating effectively) thrive in the fast-moving, technologically evolving environment, seeing it as a significant professional learning opportunity.

Nevertheless, the relentless pressure to be at the forefront of cybersecurity awareness cannot be dismissed lightly. Companies are continually seeking to enhance their security measures and regulatory standards are increasingly strict and intricate. CISOs are tasked with finding the best fit for their organization in terms of new technology while making it watertight in terms of data use.

[15] Booz Allen Hamilton 2023, Booz Allen welcomes new CISO Amanda Cody, corporate website.

Pushing for growth

Growth is the second highest priority, with 36% of CISOs focusing on this imperative. In this respect, the CISO is crucial to the development of a strategy for secure technology-driven growth and a successful transition to digital. Office Depot's CEO, Gerry Smith, speaking in November 2022, suggested that his company's “unique” low-cost, tech-driven business model was the key to its impressive recent growth: “This approach has led us to significantly lower our operating cost base, helping us to move from a highly fixed-cost business to a more variable operating structure. This approach has served us well and helped ODP thrive through economic cycles of the pandemic [16].”

[16] Gerry Smith, November 2022, Office Depot earnings call (via Boardroom Insiders).

As well as providing key input into the design and budgetary management of this kind of streamlined, tech-driven operational structure, CISOs can promote enterprise growth by refining cybersecurity practices to make their companies more attractive partnering prospects and reduce entry barriers to new markets with specific regulatory requirements. Above all, however, we come back to
the defensive power of the CISO as the key to digitalization and growth in the current market environment. Preventing and mitigating the cost of a data breach as a company adopts new technology will be one of the CISO's main contributions to growth.

Brand security is key to the customer experience.

Keeping the customer satisfied

The CISO plays a key role in the construction and maintenance of brand security, which is important to the customer experience and, therefore, to a brand's reputation. A brand that has suffered public data breaches will likely lose customers and suffer reputationally, so a tight security program is imperative to this aspect of business protection and development. The CISO is responsible for the framework that provides the data security a brand needs to remain attractive. For this reason, the CISO and chief marketing officer must work together to provide a secure and attractive brand package.

This combination of enhanced customer experience and data security is nowhere more important than in the healthcare sector. In April 2022, Abbott Laboratories launched an upgraded version of its NeuroSphere myPath digital health app. Pedro Malha, VP of neuromodulation at Abbott, commented: “Both the myPath digital app and our NeuroSphere Virtual Clinic allow us to deliver a more personalized and proactive approach to how advanced diseases are managed, changing how people access healthcare around the world [17].” The upgraded version of the app featured enhanced functionality to help healthcare professionals track patients' responses to Abbott's neurostimulation devices, which are used to alleviate chronic pain. Managing the implementation of such technologies in an extremely sensitive data environment is one of the most exacting and distinctive challenges in the CISO's role.

[17] Pedro Malha, April 2022, Abbott Laboratories press release (via Boardroom Insiders).

Putting the tech infrastructure in place

Next on the list of priorities, for 28% of all CISOs, is the requirement to scale technology architecture in the business. This involves creating new platforms to connect with the customer (and internally) and underpin the digital growth strategy of the business. Speaking in April this year, Michael Kasbar, Chairman and CEO of World Kinect (previously known as World Fuel Services), explained the significance of scaling digital architecture to his business: “Many of the services and digital offerings we provide to customers form integral parts of a broader aviation ecosystem that connects us intimately with our customer base. This connectivity has proven to be more resilient to short-term economic weakness than traditional fuel sales, which is why our investment in an expansion of these lines of business over the past several years has been a primary strategic focus [18].”

Managing this technological infrastructure is a key aspect of the evolving customer relationship, which will be vital to a successful transition to digital. As businesses look to take on attractive but unfamiliar technologies and scaling gets under way, attack surfaces increase. The CISO has a vital role in managing this expansion in a measured way with containable levels of risk. Failure to do this can be hugely damaging for a business, with equally serious implications for the CISO. Successful implementation will enable the business and the CISO to distinguish themselves in a competitive market, with positive knock-on effects for brand profile, staff recruitment and retention.

[18] Michael Kasbar, April 2023, World Fuel Services earnings call (via Boardroom Insiders).

Driving the move to cloud computing

As detailed above, a CISO's biggest responsibility in today's cyber climate is protecting their organization's data. Developing a strong internal security program is imperative, but the most secure storage facilities are available offsite in the cloud. Transferring company data to the cloud is the fifth-ranked priority, with a quarter of CISOs focusing on this matter.

“One reason small- and medium-sized businesses are frequently targeted is because they don't have the same technology resources as a large corporation,” Jamie Neumaier, VP and CISO for Erie Insurance Group, said in September 2022. “Not only does this make them an easier target, but attacks on small businesses often go unnoticed by the public because they aren't heavily publicized [19].”

Data security is paramount and backing up the data in a way that keeps it available in the event of any breach or systems failure is front of mind for the CISO. Ensuring adequate back up is the best strategy to prevent serious downtime, which is costly in terms of finance and reputation.

[19] Sue Grabowski 2022, “6 things you can do right now to protect your business data,” Erie Insurance corporate website, September 27, 2022.

Methodology

This report was based on analysis from two of Altrata's Professional Intelligence brands: BoardEx and Boardroom Insiders. Most of the analysis centered on the more than 440 CISO or equivalent roles within Fortune 500 companies, alongside additional secondary research.

This report leveraged BoardEx's unique and proprietary Global Leadership Database, covering board and non-board members, C-suite executives, senior leaders and professional advisers. The database contains more than 2 million profiles of public, private and not-for-profit organizations and the 1.6 million people who work for them. All BoardEx data is collected from credible, published sources and cannot be edited by users. Our data is powered by a team of skilled analysts, who research, verify and maintain these profiles. Data details include current and historical roles (with start and end dates) for board positions, employment and education.

Boardroom Insiders' detailed executive profiles include the professional backgrounds, business priorities and strategic vision of more than 40,000 VP and C-level executives of the Global 2000, the world's 2000 largest companies. Boardroom Insiders' research team reviews news articles, earnings transcripts, interviews and more.

About Altrata

Altrata is a data powerhouse, built to deliver more value to our clients. We are the global leader in data-driven people intelligence on the wealthy and influential. We work at scale with businesses and nonprofits across the world from a variety of industries. We help our clients connect with confidence to the people who have the greatest impact on their business. Our products give our clients all the information they need on everyone they need to know. Our data is actionable, accurate, and comprehensive. And our global team of more than 400 researchers is committed to maintaining millions of profiles and changing data points, so our clients can effectively engage their target audience and make meaningful, lasting connections.

Altrata is a registered trademark of Delinian Limited and its affiliated companies, which comprise five dynamic offerings: BoardEx, Boardroom Insiders, RelSci, WealthEngine and Wealth-X.

About BoardEx

BoardEx is the leading provider of executive intelligence and relationship mapping solutions, working with premier organizations across the academic, corporate, executive search, private equity, legal, and financial and professional services industries. Founded in 1999, organizations trust BoardEx to identify, qualify and map connection paths to 2 million organizations and the 1.6 million people who lead them, to enhance business development strategy, talent management and alumni relations efforts, as well as conduct data-driven research and analysis.

About Boardroom Insiders

Boardroom Insiders is a leader in executive intelligence with more than 40,000 detailed profiles of senior decision-makers in the US. The executive profiles include insight on business priorities, interests and professional experience, allowing clients to identify common threads and discover powerful relationships across important accounts. The platform enables enterprise sales and marketing teams to close bigger deals, faster.