2023聚焦：美国的首席信息安全官

2023 SpotlightCISOs in the US 2023 Spotlight:CISOs in the US James LavellChief Executive Officer Richard GreenChief Commercial Officer Mark HeveySenior Vice President and Global Head of Sales, Professional Intelligence Michael PhillipsVice President, Marketing and Communications Amanda CifoneSenior Marketing Director Maya ImbergSenior Director, Head of Thought Leadership and Analytics Nikoletta SzaboAssociate Analyst, Thought Leadership and Analytics Stephanie WarburtonDirector of Visual Communications Dawn LastreVisual Communications Coordinator © Delinian Limited and its affiliated companies. August 2023. The significance of the chief information security officer (CISO) has increased markedly over thepast decade and the role is now considered essential to any organization. The CISO has to managea balance between keeping an organization’s data and systems safe while maintaining forwardstrategic momentum and keeping up with innovation. William O’Hern, SVP and CISO at Travelers (previously at AT&T), sums up the three pillars of the CISOrole as: “mission, threat and innovation. These factors collectively provide balance to security leaderswho seek to optimize their protection architecture and associated policies, programs and practices1.” This concise report shares direct insights from CISOs as they address these challenges. UsingBoardroom Insiders’ unique, in-depth profiles of today’s executive leaders, this study’s insights spanmore than 440 individuals in CISO or equivalent roles at Fortune 5002companies; we also draw onBoardEx’s unique and proprietary Global Leadership Database. We take a deeper look into CISOs'professional and educational backgrounds, interests and business priorities to provide a holistic viewof the individuals who fulfill this important role. Key takeaways The CISO must be able to balancerisk with opportunity.The role entailscoping with acute pressures, giventhe need to support innovation andcorporate progress at the same timeas protecting an organization fromconstantly evolving cyber threats. The need to innovate and promotegrowth were CISOs’ top priorities atthe midpoint of 2023.We found that55% of these CISOs were focusing oninnovation, while around a third wereprioritizing the customer experience,growing the enterprise business andscaling technology infrastructure. CISOs often have professionalbackgrounds in the government andmilitary.As well as the more typicaltraining grounds for C-suite executives,such as consultancies, the US Army,Navy and Air Force are among the topformer employers of CISOs. West Pointis one of the most common alma maters,along with Arizona State University andthe University of Maryland, CollegePark. When it comes to senior-levelexperience, half of all current CISOshave held a senior role in technology atsome stage in their careers. Travel and sports are among CISOs’most popular pastimes and interests.These align with the hobbies of othertop-ranking C-suite executives, whilementoring and volunteering also featurein the list. In common with other seniorleadership roles, there is a significantgender imbalance, with only 16% of CISOpositions held by women. At around52 years old, the typical CISO is a littleyounger than leaders in the C-suite, likelydue, in part, to the specific technicalrequirements of the role. The rise of the CISO The role of the CISO, which not long ago would have been regarded as a novelty, has increased inimportance as businesses have digitalized and cybersecurity has become a significant concern tovirtually every organization3. The CISO is tasked with looking to the future as a member of the business’s strategic senior orleadership team4. At the same time, they must work in close collaboration with members of theC-suite (often the chief information officer), to design an information security program to safeguardorganizational data and systems, and maintain a rigorous level of vigilance for the possibility ofexternal cyber attack. In 2021, the number of data breaches in US companies climbed by 68% to 1,862,costing an average of $4.2m each5(not withstanding reputational damage). In 2022, the number ofsuch breaches held steady at slightly more than 1,8006. Accepting and balancing risk is vital in this role. Steve Hendrie, CISO at Hershey, said: "Along withhaving a strong IT team by your side, you must have a good understanding of the business as well asknow-how to take a balanced approach between risk and opportunity7.” The support of the seniorleadership team and internal recognition of the unusually acute pressures on the role are essential. Balancing risk with opportunityis a vital aspect of the role. Today's CISOs Who are the leading Fortune 500 CISOsof today and what are their characteristicsas a group? Here we look at this cohort ofindividuals, examining their demographics,personal interests, professional experienceand educational backgrounds. Gender, age and hobbies Gender and age In common with leadership p