June 27, 2008 — Our exclusive 2008 State of the CSO survey shows growth on almost every front in the battle to engrain security and risk management into every business. We heard from senior leaders on everything from organizational charts and strategic priorities to daily duties. Let's dive into the key findings:
1. More Power to You
Where security reports on the organizational chart is a good barometer of the profession's standing. For the first time, the number of respondents who report directly to the CEO of president of their organization is equal to the number reporting to the technical function. That's the first sign of expanding influence.
To whom do you directly report?
| 2008 | 2003 | |
|---|---|---|
| CIO or CTO | 22% | 30% |
| CEO/President | 21% | 12% |
| COO/Equivalent | 11% | 6% |
| CFO/Equivalent | 5% | 5% | General Counsel/Legal | 4% | 2% |
| Other | 37% | 34% |
***
Certifications remain important, but the big story here is the encouraging increased number of security leaders who hold an MBA. In 2003, 14 percent of respondents could hang an MBA on their office wall. Today, that number has risen to more than a quarter of respondents.
Which of the following degrees and/or certifications do you hold? h3>
| (Multiple responses possible.) | |
|---|---|
| MBA | 26% |
| CISSP | 23% |
| Military or law enforcement | 3% |
| CPP | 11% |
| JD | 3% |
| PhD | 3% |
***
Tenure is on the rise, offering further evidence that the security leadership position is becoming more stable and mature. And perhaps, just perhaps, that the "fall guy syndrome," in which CSOs served as handy scapegoats, regardless of who accepted a particular business risk, is receding.
How long have you been in your current position?
| (Numbers do not total 100% due to rounding.) | |
|---|---|
| Less than one year | 8% |
| Between one year and two years | 13% |
| Between two and three years | 20% |
| Between three and five years | 21% |
| Between five and 10 years | 23% |
| More than 10 years | 16% |
***
While I.T. remains a common background for survey respondents (in all likelihood indicating that the title CSO is still held by information-security-only leaders in a lot of companies), a wide variety of other experiences shape the security function.
What is your background?
| Multiple responses possible. | |
|---|---|
| Information systems | 58% |
| Business operations (sales, admin, etc.) | 24% |
| Military | 18% |
| Physical security | 18% |
| Audit | 16% |
| Law enforcement | 16% |
| Legal | 4% |
| Other | 13% |
2. Changing World, Changing Job
Org charts aside, here's direct and resounding indication that the corporate world has awakened to risk management.
In the past 12 months, has your organization's leadership placed more, less or the same value on risk management?
| More value | 62% |
| No change | 32% |
| Less value | 6% |
And here's one likely reason for risk management's greater value: more laws. While it has been a quiet year (relatively) for new federal laws, companies still face an expanding list of state disclosure laws, new PCI application security requirements, and rolling deadlines such as the FACT Act's Red Flag Rules.
In the past 12 months, has the amount of time you spend on regulatory compliance increased, decreased or stayed the same?
| Increased | 59% |
| Remained the same | 40% |
| Decreased | 2% |
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention
Learn how this implementation of a DLP solution helps ensure customer trust and loyalty.
- Practical Role Management: Real-World Approaches to a Complex Problem
- The Disconnect Between Security and the Business
- When Customer Relationship is Everything, Businesses Bank on SSL Solutions
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- Managing SSL Security in Multi-Server Environments
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
