Tuesday, April 23, 2024

FTI Consulting Study Reveals Significant Communications Gaps Between CISOs and C-Suites Despite Increased Focus on Cybersecurity

Findings Indicate Nearly One-in-Three Executives Believe their CISOs Hesitate to Inform Leadership of Potential Vulnerabilities, Creating Organizational Risk

FTI Consulting, Inc.’s (NYSE: FCN) Cybersecurity & Data Privacy Communications practice today released the second installment of its “CISO Redefined” series, CISO Redefined: Navigating C-Suite Perceptions & Expectations, which reveals that, despite broad agreement on the increasing importance of mitigating cybersecurity risk, a communications gap persists between the C-suite and cybersecurity leaders. Up against a rapidly evolving risk landscape, new regulatory requirements and increased stakeholder scrutiny, executives are ramping up cybersecurity investments, but still perceive their chief information security officers (“CISOs”) as falling short on key communications imperatives, which can directly impact an organization’s bottom line and reputation.

“Security is a shared goal for these leaders, but what we have seen from our past two studies is that they’re communicating past each other,” said Meredith Griffanti, Global Head of FTI Consulting’s Cybersecurity and Data Privacy Communications practice. “When the CISO speaks in technical jargon, the C-suite and the board don’t understand it, which can lead to the CISO feeling the need to make things sound simpler – or better – than they actually are. This can leave business leaders in the dark about serious vulnerabilities.”

The C-suite study summarizes findings from a survey of nearly 800 C-suite executives spanning seven sectors across nine countries. FTI Consulting’s first installment of the “CISO Redefined” series, released in 2022, took the inverse approach and surveyed CISOs. Both studies confirmed mounting leadership expectations for CISOs and associated communications challenges.

According to the C-suite study, 94% of C-suite executives surveyed believe cybersecurity issues increased in prominence over the past 12 months, and a majority deem cybersecurity a critical or high priority. Executives are allocating funds to reflect this new reality, reporting an average increase of 23% in cybersecurity budgets over the next one to two years, and 36% in the next three to five years.

Key findings from the “CISO Redefined” series confirm a communications gap between C-suite executives and CISOs:

  • A notable 66% of CISOs felt senior leadership struggles to fully understand their role within the organization, whereas 31% of C-suite executives expressed difficulty understanding the tangible return on cybersecurity investment.
  • While 82% of CISOs felt a need to make things sound better to the Board, 31% of C-suite executives believe their CISOs paint a brighter picture than the reality – and 30% felt CISOs are hesitant to raise concerns about their organization’s vulnerabilities.
  • As far as organizational alignment, 58% of CISOs confirmed they struggle to translate technical language to senior leadership in a meaningful way. Meanwhile, 28% of C-suite executives believed their CISOs have a hard time translating technical terms into business terms, and 30% reported this difficulty when it comes to CISOs expressing cybersecurity risk in financial and material terms.
  • While the research points toward a lack of trust and understanding, it also suggests significant leadership buy-in on solutions to help bridge the gap. In fact, 98% of C-suite executives surveyed supported more funding for CISO communications and presentation training, with nearly half characterizing this need as immediate.

To address this disconnect as well as the demand for actionable solutions, FTI Consulting created Secure Your Seat, a communications and presentation training program designed to sharpen CISOs’ skills for effectively engaging with Board and C-suite leaders to limit risk and close their cybersecurity communications gap.

“Clear, candid communication among leaders is a must-have for any organization to appropriately evaluate and protect against the amplified cybersecurity risks confronting all industries and sectors today,” stated Evan Roberts, a Senior Managing Director in FTI Consulting’s Cybersecurity & Data Privacy Communications practice. “When C-suite leaders lack insight into the threats they face, they struggle to allocate the right resources to maximize their resiliency and preparedness.”

Survey Methodology
FTI Consulting’s Digital & Insights practice conducted an online survey in November 2023 among 787 C-suite executives at organizations with 500+ employees across FTI Consulting’s key industries, representing companies with $21.5 trillion in aggregated revenues and 3.69 million employees globally.

FTI Consulting also conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.

About FTI Consulting 
FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. With more than 7,900 employees located in 31 countries and territories, FTI Consulting professionals work closely with clients to anticipate, illuminate and overcome complex business challenges and make the most of opportunities. The Company generated $3.49 billion in revenues during fiscal year 2023. In certain jurisdictions, FTI Consulting’s services are provided through distinct legal entities that are separately capitalized and independently managed. For more information, visit www.fticonsulting.com.

About Secure Your Seat
FTI Consulting’s Cybersecurity & Data Privacy Communications practice offers a one-of-its-kind, six-week training program that equips CISOs to serve as key strategic thinkers and communicators at the C-suite and Board levels. From one-on-one communications and presentation training, to building custom and effective cybersecurity Board reporting frameworks, and conducting a mock Board session in front of industry-leading cybersecurity professionals, Secure Your Seat gives CISOs the tools they need to close the cybersecurity communications gap with their organizational leadership. For more information and details on how to sign up, visit our website.
