Home » CISO vs CEO: Thoughts on Data Security

CISO vs CEO: Thoughts on Data Security


CISO vs CEO. What does each role think about data security? Do they think the same when it comes to it or do they have different views?

Today, companies rely more and more on data. That is why data assets are growing to be more valuable. Thus, it is no question that data security is becoming a growing concern.

Why? Because cybercriminals are also growing by number. The moment they enter your system, it can be hard to spot them. Some companies even take months to detect hackers.

As a result, they experienced data loss and saw a lot of damage. Of course, it can also cost a lot of money.

So, what are companies doing to keep this from happening? By having a leader, of course. But who is going to be?

For many, they believe it should be the CISO. But some think it is the job of the CEO at the end of the day.

Yet, each role has different views on data security. Why so? And what are these? Read on to know more.

CISO vs CEO: Thoughts on Data Security

We can get the help of Cyentia Institute’s Cyber Balance Sheet Report on 2017 on this matter. Their report can give us an idea about the views of CISOs and CEOs on data security.

In this report, they had over 80 respondents. Among them are board members and IT executives. Then, they asked them about their views on the value cybersecurity gives.

Further, on the question, they included five categories. Respondents were to rate each one. Here is the result:

  • Security Guidance. 43% of CISOs think so, while only 20% of CEOs do
  • Business Enabler. 40% of CISOs believe so, while only 25% of CEOs do
  • Loss Avoidance. 40% of CISOs think so, while more CEOs at 50% do
  • Data Protection. Only 29% of CISOs believe so, while almost all CEOs at 91% do
  • Brand Protection. Only 19% of CISOs believe in this, while 63% of CEOs do

As you may notice, not even a third of CISOs think cybersecurity gives value to data security. Which may sound surprising. Because you may think it is part of their job.

But it is the CEOs who have that thought. With almost all believing so. Why is this?

As per Cyentia, this is due to CISOs already knowing it is their job to ensure data security. But they already see it as something positive.

Compared to CEOs, they think it is a business enabler versus a cost center. Thus, they think it brings real value to their business.

That is why they have different views versus CEOs. As per the report:

  • 40% CISOs think data security is a business enabler
  • Only 20% of CEOs think that it is

Thus, we can see that CEOs view data security to equate brand protection. Which only a few CISOs think so.

Which one is it?

So, which one is it? Well, the best thing for a company is for both of them to work together. With that, they can ensure their company will have robust data security.