Being a CISO is a hard job. You must constantly balance business, technology, and regulatory requirements against things like employee and adversary behavior. You can be a superstar, build a world-class cybersecurity program, and follow best practices, providing exceptional protection for the organization. Despite this excellence, a single employee can click on a malicious web link, share a password, or misconfigure an asset, leading directly to a successful cyberattack. When this happens, it’s your fault.
Yup, CISOs have heavy responsibilities. How are they dealing with this burden? Not very well, according to research from ESG and the information systems security association (ISSA). The data reveal that 57% of cybersecurity professionals believe their organization’s CISO is only somewhat effective, not very effective, or not at all effective.