A study released today by the International Information Systems Security Certification Consortium, also known as (ISC)2, shows that CSOs are gaining clout in the boardroom as they — and their boards of directors and CEOs — are more accountable for information security and risk management strategies. A release from the group said the study showed the “ultimate responsibility for information security moved up the management hierarchy, with more respondents identifying the board of directors and CEO, or a CISO/CSO as being accountable for their company's information security.”

The study, based on a survey of 4,305 information security professionals in 80 countries, was conducted by International Data Corp. (which shares a parent company with the publisher of CSO Magazine and CSOonline).

Specific findings include:

The majority of respondents (73%) expect their influence with executives and the board of directors to increase in the coming 12 months, as talks between security and other business executives shift from technical subjects to risk management strategies.

Nearly 21% of respondents, up from 12% in 2004, say their CEO is now ultimately responsible for security.

For the CIO, security accountability dropped to about 30.5%, from approximately 38% in 2004; for CISO/CSOs, it rose to 24%, from 21% in 2004.

Organizations spend on average more than 43% of their IT security budgets on personnel, education and training.

Professionals are looking for additional training in business continuity (50.5%), forensics (50.3%), and risk management (48%), all of which factored higher than the demand indicated in 2004.