A new white paper by ThreatTrack Security reports that the role of chief information security officers at U.S. enterprises is underappreciated and misunderstood, particularly with regard to the scope of their duties and their leadership capabilities.
ThreatTrack Security said that C-level executives in the legal, retail, healthcare and professional services sectors believe CISOs are responsible for preventing data breaches.
Of the 203 respondents, 74 percent also said that CISOs should not be part of the leadership team that makes corporate decisions on issues such as cybersecurity.
This is related to the view that the skill set of CISOs is limited to information security rather than encompassing business needs and objectives, the paper said.
According to the study, a notable point of contention is the role of the CISO relative to the chief information officer, with 18 percent pointing to CISOs as merely advisers to CIOs on cybersecurity issues, including technology acquisitions.
“The CISO is a highly specialized role that few people have the know-how and experience to undertake,” ThreatTrack Security said.
“As such, it should be elevated in the corporate structure to a level that corresponds to the post’s weighty responsibilities.”
Opinion Matters conducted the independent survey for ThreatTrack Security between June and July 2014.