In the past few years, many companies have gone through large-scale digital transformations and are now under more pressure than ever to not only move at a faster pace, but also with much more attention to the organization’s information, cyber, and technology security. The tension between the priorities of enabling business objectives through technology and maintaining a robust security posture is especially challenging in terms of CISOs reporting to CIOs.
JM Search and Amrop’s Digital Practice collaborated on a series of interviews with CIOs and CISOs in the United States and Europe to gain their perspective on how to approach and manage these challenges.
We analyzed and compared their insights in four areas:
- The root causes and main areas of tension between CIOs and CISOs
- Reporting structure preferences (pros and cons of the CISO reporting to the CIO vs. working as peers)
- Best practices for managing the CIO/CISO relationship
- Best practices for CIOs and CISOs to collectively communicate a unified message about the security program and cyber risks to Boards and ELTs.