With SEC Rule Changes on the Horizon, Research Reveals Only 14% of CISOs Have Traits Desired for Cyber Expert Board Positions
June 6, 2023
PRESS RELEASE
BOSTON, June 6, 2023 /PRNewswire/ -- Today, IANS Research, Artico Search and The CAP Group released its CISO as Board Directors - CISO Board Readiness Analysis, a collaborative research study that evaluates the qualifications of Chief Information Security Officers (CISOs) across the Russell 1000 Index (R1000 [top 1000 US public companies by market capitalization]) against five key traits of credible candidates for cyber expert board positions. The study found that 14% of R1000 CISOs stand out as potential board director candidates.
New SEC rule changes are expected to require public companies to formally disclose the cybersecurity expertise of the board. On most boards, cyber understanding is insufficient. Recent research by The CAP Group revealed that 90% of Russell 3000 companies lack a single board director with cybersecurity expertise, illustrating a significant cyber expert supply-side gap.
"In light of the proposed SEC rule changes, boards will need to identify candidates with cybersecurity expertise, and it makes sense that they will look to CISOs to fill this gap," said Phil Gardner, CEO of IANS Research. "However, only a small fraction of CISOs are strong candidates for boards today. IANS Research has partnered with Artico Search and The CAP Group to equip both boards and CISOs with valuable insights and recommendations to close the cyber expert supply-side gap."
The CISO Board Readiness report identifies key traits of credible board candidates, analyzes CISO board readiness, and provides recommendations for companies considering CISOs for board roles. To determine the essential Board traits of a Cyber Board Director, the research team examined the profiles of CISOs who currently hold corporate directorships. The analysis identified five overarching traits:
Infosec Tenure
Cross-functional Expertise
Ability to Scale
Advanced Education
Diversity
"Technology and cybersecurity expertise alone are insufficient for board directorships," stated Brian Walker, CEO and cyber board advisor at The CAP Group. "Board directors operate at a strategic level and in most boards, there is no room for 'one-trick ponies' since adding a new director for every complex domain of expertise isn't scalable."
Other key findings include:
Approximately 6% of R1000 CISOs have first-hand corporate board director experience.
Another 14% of R1000 CISOs represent a strong candidate pool for board service.
In all, roughly half of R1000 CISOs might be viable candidates for joining boards.
Half of the viable CISO candidates are female or from an underrepresented group, providing an opportunity to add diversity and cyber expertise in a single candidate.
"The transition from executive leadership to board directorship is profound, and many struggle to adapt. Both boards and CISOs would benefit from aligning on expectations for a board-ready cyber expert," stated Steve Martano, a partner and executive recruiter in Artico Search's cyber practice.
For more information, including recommendations for both CISOs and boards considering cyber expert directorships, please read the full report here.
Survey Methodology
IANS Research, Artico Search and The CAP Group sourced the data from publicly available sources, including data from LinkedIn, executive bios, speaking bios, press releases and interviews. The research team also cross-referenced the data against self-reported information from IANS' and Artico's annual CISO Compensation and Budget study and verified and supplemented it with firsthand knowledge of the representative sample. A cross-disciplinary team of cybersecurity experts and data scientists analyzed the data, resulting in a comprehensive study of the board readiness of CISOs across the R1000.
Artico Search
Founded in 2021, Artico Search's team of executive recruiters focuses on a "grow and protect" model, recruiting senior go-to-market and security executives in growth venture, private equity and public companies. Artico's dedicated security practice delivers CISOs and other senior-level information security professionals for a diverse set of clients.
IANS Research
For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for making decisions and articulating risk. We provide experience-based security insights for CISOs and their teams. The core of our value comes from the IANS Faculty, a network of seasoned practitioners. We support client decisions and executive communications with Ask-an-Expert inquiries, our peer community, deployment-focused reports, tools and templates, and consulting.
The CAP Group
The CAP Group advises board directors and officers seeking pragmatic advice on cyber-risk matters. Founded in 2017 and based in Dallas, the firm supports clients ranging in size from global Fortune 500 to regional G2000. The CAP Group brings decades of practical experience in the management of cyber- risk and understands the unique needs of both the board and executive leaders. The CAP Group's advice focuses on ensuring transparency and collaboration between the board and the executive team, providing the insights required to provide effective shareholder risk management.
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024