Intelligent CISO Issue 46 | Page 62

BUSINESS SURVEILLANCE

THE CHANGING ROLE OF THE CISO AND WHAT’S REQUIRED

Andrew Jenkins, Principal in the CIO and Technology Officers Practice at Odgers Berndtson, reflects on some of the key developments for CISOs in 2021 and explores how the role of the Chief Information Security Officer (CISO) is changing alongside Digital Transformation demands.
In 2020, CISOs were among the first C-level executives to scramble early and ensure their organisations remained operational during the early days of COVID-19.

Their contributions cemented them as one of the most important positions on leadership teams. During 2021, their role claimed even more of the limelight, as remote and hybrid working became the norm and digital technologies became so much more prevalent.
Although they have always played a critical role in organisations, the CISO really rose to prominence during 2021. This has led to a repositioning of the role, with many organisations now preferring their CISO to report directly to the CEO.
As a result of this increased leadership capacity and a growing appetite among organisations for information security leadership, CISO salaries have risen exponentially. What’s more, organisations now expect their CISOs to play a role in the diversity agenda, leading to a growing demand for CISOs with inclusion and diversity experience. Below, I outline these trends in full, reviewing some of the key developments for CISOs in 2021.
Repositioning of the CISO role
Historically, a CISO would report to a Chief Technology Officer (CTO). Technology and Digital Transformation have often taken priority over security, and as a result, boards have tended to appoint CIOs/CTOs and only hired CISOs underneath them when their security or regulatory needs really demanded it.
This has created some conflict. In this position, the CIO/CTO has the final word on the technology and security budget. They can – and do – end up allocating more of that budget for large technology projects at the expense of security.
But as the digital attack landscape has grown, so too has the need for cybersecurity and data protection.
Regulators are also increasingly aware of any perceived conflicts of interest created by this reporting line and have put pressure on organisations to address it.
Over the past year, this need has seen many boards reposition their CISOs so that they have a greater capacity to influence the security agenda within their organisations. It’s led to more and more CISOs reporting to Chief Operating Officers, Chief Risk Officers, or directly to CEOs.
A growing need for diversity credentials
Over the past couple of years, Inclusion and Diversity (I&D) have become a critical priority for boards, if not the