Chief information security officers (CISOs) have been around for 25 years, but the role continues to evolve as the cybersecurity threat landscape grows more complex and threatens to disrupt business functions, according to Fortinet’s recent The CISO and Cybersecurity: A Report on Current Priorities and Challenges.

As the scope of their responsibilities grows, CISOs are in a more prominent position in many organizations now than in the past, the report noted, working regularly with other members of the C-suite and board as cybersecurity becomes critical to the bottom line for most companies.

The CISO’s job of managing cybersecurity risks is complicated by several factors, including an expanded attack surface brought on by digital transformation initiatives, increasing security complexity as networks become more complicated, and rapidly changing threats.

“CISOs can no longer afford to simply be technologists, but rather must become drivers of business strategy,” the report stated. “They must move beyond compliance checkboxes to a broad approach based on an organization’s overall risk management strategy. And they must move beyond a ‘band-aid’ approach to covering the attack surface to a holistic, proactive stance toward threat response.”

Top CISO challenges

CISOs named the following as the top industry challenges that are leading them to improve or change their security posture, according to Fortinet:

  1. Hackers/attackers (pre-intrusion) (47%)
  2. Strategy (33%)
  3. Data loss and privacy (28%)
  4. Cost reduction/avoidance (13%)
  5. Risk management (13%)
