State of the CSO 2015

2

Purpose and Methodology

SURVEY SAMPLE

TOTAL

RESPONDENTS

366 Security

Decision-Makers

MARGIN OF ERROR +/- 5.1%

AUDIENCE BASE CSOonline.com

visitors, CSO LinkedIn

Forum members and

email invitations to

audience.

COLLECTION Online Questionnaire

NUMBER OF

QUESTIONS

26 (incl. demographics)

Mitigating risk and keeping an organization

secure continues to be a challenge. CSO’s

annual State of the CSO survey is conducted to

provide a complete overview of the evolving role

of CSOs in today’s business climate, from

security strategy, to metrics, budget and

function ownership.

SURVEY GOAL

SURVEY METHOD

Source: State of the CSO Survey, CSO, 2015

3

Big Breaches = Security Practices Reevaluation

Q. Have recent big name data breaches (such as those experienced by eBay, Neiman Marcus and Target) caused your

organization to reevaluate its information security standards?

49%44%

7%


Not Reevaluating

Not Sure If They

Are Reevaluating

Reevaluating

4

Most Likely to Directly Report to CEO

Q. To whom do you directly report?


23%

21%

8% 8% 8%7%

4%

13%

Chief ExecutiveOfficer (CEO)/

President/ Owner/Partner

Chief InformationOfficer (CIO) or

Equivalent

Chief SecurityOfficer (CSO)

Chief FinancialOfficer (CFO) or

Equivalent

Chief TechnologyOfficer (CTO) or

Equivalent

Chief OperatingOfficer (COO) or

Equivalent

Chief Risk Officer(CRO) or Other

Risk ManagementFunction

Other

5

Increasing Value in Managing Risk

Q. In the past 12 months, has your organization's senior management placed more, less or the same value on risk

management?

Q. In the next 12 months, how do you expect the value senior management places on risk management to change?

51%

13%

35%

70%

5%

19%

More Value Less Value No Change

Past 12 Months Next 12 Months


6Source: State of the CSO Survey, CSO, 2015

5%

34%

35%

37%

40%

56%

62%

67%

72%

77%

82%

87%

Other

Sales/Marketing

Supply Chain

Third Party Technology Ecosystem

Loss Prevention

Human Resources

General Counsel/Legal

Physical/Corporate Security

Financial Risk/Insurance

Executive Management

Business Continuity/Disaster Recovery

Information Security

Collaboration Needed for Successful ERM Implementation

Q. Which of the following disciplines, departments or groups are included in your organization’s formal Enterprise Risk

Management process? (base: use a formal ERM process that incorporates multiple types of risk)

6.5departments on

average involved

in formal ERM

process

7

Satisfaction Decreasing with Security Vendors

Q. In general, how satisfied are you with the quality and relevance of products and services offered by security vendors?


8

Learn More


For more information on this study, contact Sue Yanovitch, VP of Marketing, at [email protected].

State of the CSO 2015

Technology

Transcript of State of the CSO 2015