A new class of senior IT security executives toting influence and input into their organization’s business strategies is emerging in the C-suite, according to the results of a recent study by IBM Corp.’s Center for Applied Insight.
“Influencers” are far more likely to elevate IT security to a strategic priority that their peers, according to the study, entitled “Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer Assessment.”
Some 25 percent of the 138 security officers interviewed for the report identified themselves--based on breach preparedness and overall security maturity--as “influencers” with the remainder categorized either as “protectors” or “responders.”
The study revealed that security leaders--tasked with defending valuable company assets such as customer data, intellectual property, brand and money—have convinced senior executives of the key role security plays in the enterprise, officials said.
Indeed, nearly 90 percent of study’s participants said that information security spending at their organizations will increase by double digits in the next two years, prodded by pressing issues such as mobile security, high profile hacking and data breaches.
Accordingly, the chief information security officer’s (CISOs) role is shifting from fighting fires to anticipating and mitigating danger before it occurs, officials said.
"This data painted a profile of a new class of CISO leaders who are developing a strategic voice, and paving the way to a more proactive and integrated stance on information security," said David Jarvis, IBM Center for Applied Insights senior consultant and author of the report.
"We see the path of the CISO is now maturing in a similar pattern to the CFO from the 1970s, the CIO from the 1980s – from a technical one to a strategic business enabler,” he said. “This demonstrates how integral IT security has become to organizations."
IBM said that it conducted the study during the first quarter of 2012 using double blind interviews with 138 senior executives and IT security executives from a wide range of industries in seven countries.
About 20 percent of the respondents head information security in enterprises with more than 10,000 employees while 55 percent work in enterprises with 1,000 to 9,999 employees.