Are CISOs companies’ data breach scapegoats?

Chief information security officers (CISOs) are viewed as scapegoats in the event of a data breach, according to a new report.

Three-quarters of C-suite executives don’t see CISOs as part of a business’s leadership team, and 44% would blame them for any data leaks, a new ThreatTrack Security report revealed.

Two-thirds of the survey respondents consider that CISOs do not have a broader awareness of organisational goals and business needs outside of data security, with over a quarter of them blaming their cyber security decisions for hurting the financial strength of a company.

ThreatTrack Security president and CEO Julian Waits Sr said: "The CISO’s role has become increasingly complex and demanding, yet the value of their contributions aren’t fully understood or appreciated by peers.

"Our research suggests that CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach, and they are significantly undervalued for the work they do every day to keep corporate data secure.

"This perception needs to change, as CISOs, and the teams that work with them, should be viewed as drivers for business protection and growth."

A total of 46% of respondents believe CISOs are responsible for cybersecurity purchasing decisions, with more than a third deeming their CISO could take on another role other than information security, within their organisation.

Another 27% said their CISO adds greatly to enhancing day-to-day security, while the majority of retail and healthcare firms have a perception that the role of the CISO exists mainly to take accountability for data breaches.

Asked to grade the overall performance of their CISOs, 23% of participants gave their CISO an A for excellence; 42% said B for above average; and 30% said C for average.

Waits Sr said: "These findings point to a dilemma for CISOs and their peers in the C-suite.

"If CISOs are not consulted by senior executives during decision-making processes, how can they be held responsible for major security breaches? CISOs serve a vital role in cybersecurity, but are struggling for the recognition and authority they need to be effective in defending organizations from today’s precarious data security dangers."