76% of Chief Information Security Officers (CISOs) now hold a full-time position, according to the latest CISO survey.

The second “CISO (Chief Information Security Officer) in the spotlight” survey analyses the evolution of the CISO’s role over the past two years in Luxembourg. Conducted by the CPSI (College des Professionnels de la Sécurité de l’information) and PwC Luxembourg, the survey has shown that, despite being under-represented in management committees (only 13% occupy a seat), a CISO today serves as a technical expert with clear business understanding and a risk mindset. The study also showed that 76% of CISOs now hold a full-time position, compared to just 53% two years ago.

With the growing awareness that information security breaches expose organisations to severe operational, legal, financial and reputational risk, businesses are seeing the advantages of embedding security consciousness, and hence the role of a CISO, into their organisational culture and making it a core competency. This is reflected in the latest CISO survey.
 
Compared to the results from the 2016 survey, this year’s report shows significant progress in various aspects related to a CISO’s role in an organisation. Indeed, it found growing recognition of the need to allocate a full-time role to the CISO/ISO (Information Security Officer) position. In 2016, just over half of respondents reported that CISO/ISO roles were full-time. Today, over three quarters consider it to be a distinct, full-time job. Moreover, whilst in 2016 no CISO/ISOs reported working at the executive committee level, today 13% report to the CEO.
 
The report also showed that nearly all companies consider information security to be a priority. As many as 65% of the companies that responded to the survey see it as being a necessity for their organisations. Companies that see information security as an enabler also value the opinion of their CISO/ISOs and take it into account in their decision-making process.
 
In addition, most CISO/ISOs (85%) admitted that their jobs have become more complex compared to 2016 due to the world becoming increasingly interconnected and dependent on cloud technology. The key challenge for CISO/ISOs was found to be the lack of qualified security professionals and negligent employees working in a complex IT environment. CPSI President Rodolphe Mans commented: “Companies need to establish a cybersecurity culture where everyone has the responsibility to observe and promote security practices and to behave in a way that is aligned with the information security strategy of a company.”
 
Despite the increasing complexity of their job, the majority (92%) of CISO/ISOs surveyed reported that they were satisfied with their role.