Are CISOs valued in the C-suite?

by Black Hat Middle East and Africa
Are CISOs valued in the C-suite?

Welcome to the new 134 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on…📣

How CISOs have to adapt, understand numerous different areas of the organisations they work with, and aim for security efficiency – even if it’s not always glamorous. And because they have so many plates to spin, they need to be integral members of the C-suite table. 

OK. Why? 🤔

Because during a panel discussion at #BHMEA22, Jon Staniforth (CISO at Royal Mail) said: 

“We’ve got to look at the soft side, the business side. I’ve probably saved as much data by changing business processes than I have by actually putting in technology controls. A big part of the role of the CISO is to actually become that business leader.” 

And it’s a really important point: sometimes the best security solution isn’t a technological one, but a simple change in the way information is exchanged or stored within the organisation. 

As any CISO could tell you, this means that being a CISO is definitely not just a technical role. And increasingly, as more businesses rely heavily on digital and cloud for many aspects of their day-to-day operations, the CISO is as important in the leadership team as the CEO or the COO. 

A CISO is never doing just one thing 🤖

“It’s one of the balancing acts when you’re a CISO,” Staniforth said. “You’re trying to do the right thing for the organisation, you’re taking direction from the CEO or the chief counsel because they’re meant to be your executive partners, but you’re often not in that protected layer of extra support in terms of mentoring, extra insurance support…” 

This is really hard – particularly when you’re making decisions that could have a serious impact on the organisation. And especially when you’re asked to sign off on decisions that you’re not completely happy to sign off on. 

“I’ve had in my own career a couple of challenging moments where I've been asked to do things I wasn’t comfortable with,” he added, “and had to try and negotiate my way through that balancing act within that organisation.” And when a CISO’s moral baseline doesn’t align with their company’s decisions, they’re forced to make a personal decision: to stay or to quit.

A question for the CISOs – do you feel valued and empowered as part of the C-suite in your organisation? 

1. Yes, definitely😀 vote

2. No – it can be difficult to get my voice heard😔 vote

So the CISO needs a more secure seat at the C-suite table

So as the role of the CISO develops within an organisation, it’s important to consider how that role is supported – and to advocate for yourself in order to build the support systems and assurances that you need. If you’re always going it alone, then you’re always at risk of becoming the company scapegoat.

A report by PwC called The CISO in the C-Suite (based on a Harvard Business Review Analytic Services survey, sponsored by PwC) found that organisations are not focusing enough on cybersecurity leadership development, in spite of the fact that cybersecurity is becoming increasingly critical to organisational success. 

The CISO needs to be accepted as an integral member of the C-suite team – and treated as such. 

As Staniforth put it, “If you look at the rest of your management team, they’re already mutually supporting each other – the COO, the CMO, the CEO – and so how do you emulate that behaviour?” 

But it can’t be a question for CISOs to answer on their own. C-suite leaders across all positions need to acknowledge the pivotal nature of the CISO role, and work to support and empower CISOs so they can work with confidence, and to the best of their ability.

Interested in AI and its various applications throughout different industries? DeepDive is DeepFest's weekly AI newsletter providing tech insights from industry experts. You can subscribe here to receive the newsletter straight to your feed:

DeepFest is the most anticipated AI event of the year, co-located with LEAP, and is taking place from 4-7 March 2024.  

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 13 December 2023.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.

*Referral program terms and conditions

Share on

Join newsletter

Join the newsletter to receive the latest updates in your inbox.

Follow us


Sign up for more like this.

Join the newsletter to receive the latest updates in your inbox.