Indeed, the average board size of S&P 500 companies is reportedly eleven people. Our experts say that while CISOs are invaluable in their function, the primarily technical nature of their work may mean they don’t have the wider business perspective required of a board member. Though it’s not entirely the CISO's fault, given the demands of the role. A recent survey found that over half of information security professionals feel burned out, with our experts pointing to the need for constant threat vigilance being a possible factor. “CISOs may have too much on their plate to think about a company’s overall growth,” says Max Kershner, Korn Ferry’s North America Cybersecurity Leader.
Our experts say organizations should aim to do more to cultivate CISOs into future business leaders—or risk losing them altogether. One-in-four security leaders are reportedly projected to leave the security industry by 2025, and some experts posit that the one cause could be a lack of professional advancement opportunities. More CISOs want to report directly to the CEO, and with good reason—a reported eight-in-ten tech security leaders who report to the CEO state that they can more easily get the funding they need for security initiatives.
"Think about it: from a boardroom perspective, after a major data breach, if it's suddenly discovered that your CISO is a fairly minor player within the organization, that’s not a good look from a litigation standpoint," says Benjamin Frost, a Senior Client Partner in Korn Ferry's Products business. “We’re potentially a couple of fines away from quite a radical rethink on this,” he adds.
Our experts propose a key way that CISOs can help to improve their standing within a company is by developing their ability to articulate technical principles in language that boards can digest. Our data shows 91% of CEOs say they know tech and AI is important for the future of their company, but only 17% say they understand it. Expanding the breadth of topics that CISOs can contribute to might also be a necessity, says Anthony Goodman, Korn Ferry Senior Client Partner and leader of its North American Board Effectiveness practice. Quoting another business leader, he adds, “If you have a board full of one-trick ponies, you end up with a circus.”
Looking to level up your organization’s cybersecurity capabilities? Talk to us.