


FTI Consulting Study Reveals Significant Communications Gaps Between CISOs and C-Suites Despite

May 2024 by FTI Consulting

FTI Consulting, Inc. released the second installment of its “CISO Redefined” series, CISO Redefined: Navigating C-Suite Perceptions & Expectations, which reveals that, despite broad agreement on the increasing importance of mitigating cybersecurity risk, a communications gap persists between the C-suite and cybersecurity leaders. Up against a rapidly evolving risk landscape, new regulatory requirements and increased stakeholder scrutiny, executives are ramping up cybersecurity investments, but still perceive their Chief Information Security Officers (“CISOs”) as falling short on key communications imperatives, which can directly impact an organization’s bottom line and reputation.

“It’s clear that executive leadership and CISOs both recognize the importance of cybersecurity risk, but more work needs to be done to ensure they understand each other,” said Meredith Griffanti, FTI Consulting’s Global Head of Cybersecurity & Data Privacy Communications. “Security is a shared goal for these leaders, but what we have seen from our past two studies is that they’re communicating past each other. The CISO speaks in technical jargon, the C-suite and the Board don’t understand it – and you have this endless cycle where the CISO feels the need to make things sound simpler – or better – than they actually are. This hampers the CISO from making a compelling case for investment in certain parts of their cybersecurity program, and also leaves business leaders in the dark about areas where the organization is most vulnerable. Training CISOs on effective presentation and communications skills is crucial to aligning priorities and ensuring all critical stakeholder groups are on the same page about their company’s actual risk profile.”

The C-suite study summarizes findings from a survey of nearly 800 C-suite executives spanning seven sectors across nine countries. FTI Consulting’s first installment of the “CISO Redefined” series, released in 2022, took the inverse approach and surveyed CISOs. Both studies confirmed mounting leadership expectations for CISOs and associated communications challenges.

According to the C-suite study, 94% of C-suite executives surveyed believe cybersecurity issues increased in prominence over the past 12 months, and a majority deem cybersecurity a critical or high priority. Executives are allocating funds to reflect this new reality, reporting an average increase of 23% in cybersecurity budgets over the next one to two years, and 36% in the next three to five years.

Key findings from the “CISO Redefined” series confirm a communications gap amongst C-suite executives and CISOs:
• A notable 66% of CISOs felt senior leadership struggles to fully understand their role within the organization, whereas 31% of C-suite executives expressed difficulty understanding the tangible return on cybersecurity investment.
• While 82% of CISOs felt a need to make things sound better to the Board, 31% of C-suite executives believe their CISOs paint a brighter picture than the reality – and 30% felt CISOs are hesitant to raise concerns about their organization’s vulnerabilities.
• As far as organizational alignment, 58% of CISOs confirmed they struggle to translate technical language to senior leadership in a meaningful way. Meanwhile, 28% of C-suite executives believed their CISOs have a hard time translating technical terms into business terms, and 30% reported this difficulty when it comes to CISOs expressing cybersecurity risk in financial and material terms.
• While the research points toward a lack of trust and understanding, it also suggests significant leadership buy-in on solutions to help bridge the gap. In fact, 98% of C-suite executives surveyed supported more funding for CISO communications and presentation training, with nearly half characterizing this need as immediate.

To address this disconnect as well as the demand for actionable solutions, FTI Consulting created Secure Your Seat, a communications and presentation training program designed to sharpen CISOs’ skills for effectively engaging with Board and C-suite leaders to limit risk and close their cybersecurity communications gap.

“Clear, candid communication among leaders is a must-have for any organization to appropriately evaluate and protect against the amplified cybersecurity risks confronting all industries and sectors today,” stated Evan Roberts, Senior Managing Director in FTI Consulting’s Cybersecurity & Data Privacy Communications practice. “When C-suite leaders lack insight into the threats they face, they struggle to allocate the right resources to maximize their resiliency and preparedness.”

Survey Methodology
FTI Consulting’s Digital & Insights practice conducted an online survey in November 2023 among 787 C-suite executives at organizations with 500+ employees across FTI’s key industries, representing companies with $21.5 trillion in aggregated revenues and 3.69 million employees globally.
FTI Consulting also conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.
