New (ISC)2® CXO Report Finds Conflicting Demands, Goals, and Threats Make Enterprise Security Increasingly Challenging for CSOs

Share Article

C-Level Data from the 2013 (ISC)² Global Information Security Workforce Study illustrates paradoxes in application vulnerabilities, mobile devices, and shortage of qualified staff.

(ISC)2® ("ISC-squared"), the world’s largest not-for-profit information security professional body and administrators of the CISSP®, today released new data that outlines the chief challenges faced by top enterprise security executives and illustrates the broad range of complex – and sometimes conflicting – challenges faced by today’s enterprise information security leaders. Some of the key paradoxes the CXO study found include:

  • Application vulnerabilities were the top-rated threat to the security of enterprise data (72 percent of executives rated it as a chief concern), yet many executives also reported that the demands of their organizations make it difficult to develop and implement secure application development processes.
  • Similarly, 70 percent of executives rated mobile devices as a top threat to their organizations, but many reported that they had not successfully implemented mobile security policies and programs.
  • The vast majority of security executives (77 percent in government and 63 percent in private industry) believe they have too few people on their IT security staffs, yet 61 percent cited business conditions as an obstacle preventing them from hiring more personnel.
  • Despite the concerns they registered over a shortage of trained personnel, more security executives plan to increase their spending on technology in the next year (39 percent) than on staffing (35 percent).

The new report, "A View From the Top - The (ISC)² Global Information Security Workforce Study CXO Report," conducted through the (ISC)2 Foundation, offers a detailed perspective on the attitudes and plans of 1,634 C-level executives from enterprises around the world. The data was collected as part of (ISC)2’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, conducted by Frost & Sullivan. The study offers a snapshot of the priorities, plans and concerns of top security executives in a wide range of industries – and the challenges they face in making decisions in today’s dynamic, turbulent cyber security environment.

The report data indicates that top security executives are faced with a myriad of critical, yet sometimes paradoxical, security choices. For example, CXOs said that two of their chief cyber security concerns are potential damage to the organization’s reputation (83 percent) and IT service downtime (74 percent). Yet when asked how they spend their time, the top two answers were governance, risk, and compliance (GRC, 74 percent), and security management (74 percent), which indicates that administrative tasks and priorities dominate their daily agendas.

"Security executives are faced with so many conflicting priorities and pressures that their decision making has become very stressful," said W. Hord Tipton, CISSP, CISA, executive director of (ISC)². "This study demonstrates that many of today’s C-level executives find themselves in constant security catch-22s. They are frequently faced with conundrums in which there is no single answer, underscoring why enterprise security is so difficult to attain in today’s complex threat environment."

"Security is a dilemma for information security executives," stated Michael Suby, Stratecast VP of Research at Frost & Sullivan and author of the report. "Data is proliferating and becoming more fluid, yet the need to protect it is greater than ever. Similarly, there is the challenge of today’s sophisticated attackers, who are becoming increasingly skilled at hiding their exploits. The most significant threat to an organization is what it does not know or cannot detect."

"It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions," commented William Stewart, senior vice president at Booz Allen Hamilton. "One of the biggest obstacles security departments face is the dynamic interplay between an organization’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritizing critical assets, closely collaborating with the other organizational leadership and conducting thoughtful and forward-looking threat analysis."

There will be a panel session titled "The View from the Top: The 2013 Global Information Security Workforce Study CXO Report" taking place at Security Congress in Chicago on Wednesday, September 25th from 4:30-5:30 p.m. CST. The panel will be moderated by Julie Peeler, (ISC)² Foundation director. Panelists include Hord Tipton, (ISC)² executive director; William Stewart, senior vice president, Booz Allen Hamilton; Sarah Bynum, director of security, CPP, Seimens Energy Inc.; and Tomasz Chowanski, senior vice president, information security, consumer lending enterprise information security, Wells Fargo. More information on this session can be found here:

Likely the largest study of the information security profession ever conducted, the 2013 GISWS was conducted in the fall of 2012 through a Web-based survey. Since its first release in 2004, the study gauges the opinions of information security professionals and provides detailed insight into important trends and opportunities within the information security profession. It provides a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression, and corporate attitude toward information security that is of use to companies, hiring managers, and information security professionals. The full study can be found here:

About (ISC)²

About The (ISC)² Foundation

About Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management and technology consulting services to the U.S. government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. Booz Allen is headquartered in McLean, Virginia, employs approximately 25,000 people, and had revenue of $5.86 billion for the 12 months ended March 31, 2012.

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and merging economies.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Michelle Schafer
Merritt Group
Email >

Amanda D'Alessandro
Email >
Follow us on
Visit website