Chief Information Security Officers (CISOs) are a lot more concerned about the operational pitfalls and resources required to deploy new IT technology than their CIO and CTO colleagues. For example, nearly three-quarters of CISOs feel that cybersecurity now demands so much from IT departments that security tradeoffs are inevitable if a company wants to keep going about its daily business.
That’s according to the Executive Accelerator Report from LevelBlue, the former AT&T Cybersecurity. This survey was conducted among more than 1,000 C-level executives and other employees in senior management positions in 18 countries. The key findings address differences of opinion and understanding among CISOs, Chief Technical Officers (CTOs) and Chief Information Officers (CIOs).
According to the report, whereas the CIO is primarily concerned with technology development and innovation and the CTO co-determines a company’s strategic direction in this area, the CISO is charged with the operational interpretation and practical implementation of security measures and protocols.
This means that decisions and policies originating from other C-level executives (or their effects) end up, left or right, on the CISO’s plate. As a result, the CISO experiences firsthand where security interests clash with ambitions regarding innovation, strategy, or a smooth daily workflow.
Compliance as an obstacle to innovation
Also, CISOs experience much more pressure to apply AI, even when they are not yet convinced of its usefulness and necessity. In contrast, CIOs are much more willing (92 percent) to tolerate some security risk if it would otherwise hinder innovation. For CISOs, this is only 75 percent, and for CTOs, it is 81 percent.
CTOs, in turn, are less bothered about hidden risks in the supply chain. Nearly three-quarters of both CIOs and CISOs find it difficult to correctly assess such risks, while ‘only’ 64 percent of CTOs share this concern.
Indeed, many CTOs find compliance requirements a hindrance to innovation. Too many regulations hinder competitiveness, 73 percent of them believe. For CIOs, that figure is 55 percent and for CISOs 61 percent.
Cloud computing offers a solution
Cloud computing offers a solution to achieve a more robust ‘security posture,’ C-level executives of all blood groups more or less agree. About 80 percent of each group sees benefits here. Thus, a (further) move to the cloud could be a way to take the sting out of conflicts created by clashing priorities.
The Executive Accelerator provides a comprehensive data analysis from a broader survey called the 2024 LevelBlue Futures Report. Whereas the general survey paints a picture of the state of cybersecurity and resilience, the Accelerator addresses the issues that particularly concern senior management.
Joint venture
LevelBlue offers managed security services designed to unburden customers in the area of data security. It also offers consulting, research, and threat mapping. Until May of this year, the company was AT&T Cybersecurity, a division of U.S. telecom giant AT&T. The name change came after entering into a joint venture with private equity firm WillJam Ventures as the new majority shareholder.
Former parent company AT&T retained both a minority stake and a seat on the board of directors. The dowry AT&T brought to this joint venture were assets from its 2018 purchase of threat detection specialist Alienvault.
Read more: AT&T Security renamed LevelBlue in new joint venture