93% of Security Leaders Do Not Report to the CEO, According to New Research From LogRhythm

93% of Security Leaders Do Not Report to the CEO, According to New Research From LogRhythm

Global Research Finds IT Security Leaders Should Be Held Accountable for the Consequences of Cyberattacks, Yet Lack the Influence Required to Shore Up Security Strategies

LogRhythm, the company powering today’s security operations centers (SOCs), announced the release of its report, “Security and the C-Suite: Making Security Priorities Business Priorities” based on research conducted by the Ponemon Institute. The research found that, while most organizations have experienced a cyberattack in the last two years (60%) and spend approximately $38 million on security activities, only 7% of security leaders are reporting to the CEO. Yet, 42% of respondents say the IT security leader should be the person most accountable for preventing or mitigating the consequences of a cyberattack.

Ponemon conducted a global survey of 1,426 chief information, technology and security executives, LogRhythm sought to learn about the role and responsibilities of today’s cybersecurity leaders and the challenges they face in creating a strong security posture. Respondents were located in the United States, EMEA and Asia-Pacific.

Security Leaders Shoulder More Responsibility and Risk

Cybersecurity leaders shared they have assumed more accountability and risk, but struggle to achieve the desired security posture, because they are not seen as influential or valued members of their peer group. Sixty percent of respondents say the cybersecurity leader should report directly to the CEO because it would create greater awareness of security issues throughout the organization. However, because the majority of security leaders are three steps away from the CEO, only 37% of respondents say their organization values and effectively leverages the expertise of the cybersecurity leader.

“While security leaders are assuming more responsibility than ever before, they lack the necessary organizational visibility and influence to effectively build and mature their security programs,” said James Carder, chief security officer of LogRhythm. “Comprehensive cybersecurity programs are integral to the success of an organization. This research should spur CEOs to take accountability for safeguarding their organization’s sensitive information, prioritize the security program by elevating the security leader and ensure inroads between security decision-makers, the C-suite and the board.”

New Security Pitfalls Stem From the COVID-19 Pandemic

The significant increase in employees working remotely due to COVID-19 has created the biggest security challenge for IT security leaders, according to the research. These challenges are here to stay as enterprises adopt a hybrid work strategy to accommodate a distributed workforce, creating increased risk to sensitive and confidential information. Below are noteworthy findings about survey respondents’ newfound security issues resulting from remote work practices.

  • 73% of respondents say less secure home networks are used by employees in their organization.
  • 68% of respondents say employees and contractors believe the organization is not monitoring their activities.
  • 67% say a family member uses a work device.

Amid these challenges, 54% of respondents are worried about their job security, with 63% citing insufficient budget to invest in the right technologies as a main culprit. Further, more than half (53%) of respondents claim senior leadership does not understand their role, and another 51% of respondents believe that they lack executive support.

Download the full report, Security and the C-Suite: Making Security Priorities Business Priorities, here.

About LogRhythm

LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps. Together, LogRhythm is ready to defend. Learn more at logrhythm.com.

Comments are closed.