One thing that’s become clear over the last year is that pressure on CISOs is rising. Beyond the normal, everyday stresses of the role, CISOs now have to contend with the possibility of facing criminal charges for mishandling a cyber incident or misrepresenting their organization’s cybersecurity posture. The prospect of being indicted over a cyberattack will have a variety of downstream effects in 2024. It will impact the hiring market for CISOs, affect their compensation, and change the culture around cyber whistleblowing.
CISOs Will Flock to High-Integrity Organizations
Between the sentencing of former Uber CSO, Joe Sullivan, and the charges leveled against former SolarWinds CISO, Timothy G. Brown, 2023 set a new precedent for culpability in major cyber incidents. The SEC and US Federal prosecutors have demonstrated not only a willingness to hold CISOs directly accountable, they have also shown that the CISO is the first and easiest target.
The message to CISOs at publicly traded companies is clear: figure out who you’re working for, quickly, or put your career at risk. In 2024, we’ll see more CISOs making a concerted effort to avoid organizations with questionable integrity or dubious cybersecurity practices. Gone are the days when a CISO might be tempted to join a high-flying company with a flashy CEO for the perceived career-building opportunity.
Instead, CISOs will put added scrutiny on cybersecurity budgets, staffing, existing controls, and governance at organizations where they’re interviewing for jobs to ensure they’re set up for success and not failure. They’ll also look to join leadership teams composed of individuals who share similar values, hold themselves to a strong code of conduct, and who will support them rather than scapegoat them in times of crisis. CISOs won’t put up with leaders who pressure them to downplay or under report cyber risk...Read More!
