FTI Consulting Study Reveals Significant Communications Gaps Between CISOs and C-Suites Despite Increased Focus on Cybersecurity
Insights
The insights revealed by FTI Consulting highlight a dichotomy within the corporate governance structure that could have substantial implications for business operations and investor confidence. The apparent disconnect between CISOs and other C-suite executives is not just a matter of internal communication but also reflects on the company's ability to respond to cyber threats effectively. In a landscape where data breaches can lead to significant financial losses and damage to reputation, the ability of a CISO to communicate effectively is paramount. The findings suggest that there may be a need for enhanced training programs focused on bridging the communication gap between technical and non-technical executives. Furthermore, companies might consider revising their reporting structures or implementing more collaborative platforms that facilitate clearer communication regarding cybersecurity risks.
From a risk management perspective, the report underscores a critical vulnerability within organizational structures. Cybersecurity is not merely a technical issue but a strategic one that affects all facets of a business. The hesitancy of CISOs to report vulnerabilities can lead to a lack of preparedness and delayed response times during cyber incidents, which in turn can exacerbate financial and reputational damage. It is essential for companies to establish a culture of transparency and regular dialogue between CISOs and other executives. This would ensure that potential vulnerabilities are addressed proactively and that there is a unified approach to managing cyber risk. Companies that fail to address this communication gap might see a negative impact on their stock value due to perceived governance weaknesses and increased risk exposure.
The findings from FTI Consulting also shed light on the importance of effective communication strategies within the C-suite. The role of the CISO has evolved from a purely technical position to one that requires adeptness in conveying complex information in a digestible manner for decision-makers. The report suggests a potential misalignment in expectations and perceptions that can lead to inadequate decision-making at the highest levels. To mitigate this, companies might need to invest in communication training for their cybersecurity leaders or even consider creating new roles that act as intermediaries between technical staff and executive leadership. This could improve the overall strategic direction of the company and enhance stakeholder confidence, which is often reflected in the company's stock performance.
Findings Indicate Nearly One-in-Three Executives Believe their CISOs Hesitate to Inform Leadership of Potential Vulnerabilities, Creating Organizational Risk
WASHINGTON, March 26, 2024 (GLOBE NEWSWIRE) -- FTI Consulting, Inc.’s (NYSE: FCN) Cybersecurity & Data Privacy Communications practice today released the second installment of its “CISO Redefined” series, CISO Redefined: Navigating C-Suite Perceptions & Expectations, which reveals that, despite broad agreement on the increasing importance of mitigating cybersecurity risk, a communications gap persists between the C-suite and cybersecurity leaders. Up against a rapidly evolving risk landscape, new regulatory requirements and increased stakeholder scrutiny, executives are ramping up cybersecurity investments, but still perceive their chief information security officers (“CISOs”) as falling short on key communications imperatives, which can directly impact an organization’s bottom line and reputation.
“Security is a shared goal for these leaders, but what we have seen from our past two studies is that they’re communicating past each other,” said Meredith Griffanti, Global Head of FTI Consulting's Cybersecurity and Data Privacy Communications practice. “When the CISO speaks in technical jargon, the C-suite and the board don’t understand it, which can lead to the CISO feeling the need to make things sound simpler – or better – than they actually are. This can leave business leaders in the dark about serious vulnerabilities.”
The C-suite study summarizes findings from a survey of nearly 800 C-suite executives spanning seven sectors across nine countries. FTI Consulting’s first installment of the “CISO Redefined” series, released in 2022, took the inverse approach and surveyed CISOs. Both studies confirmed mounting leadership expectations for CISOs and associated communications challenges.
According to the C-suite study,
Key findings from the “CISO Redefined” series confirm a communications gap amongst C-suite executives and CISOs:
- A notable 66% of CISOs felt senior leadership struggles to fully understand their role within the organization, whereas 31% of C-suite executives expressed difficulty understanding the tangible return on cybersecurity investment.
- While 82% of CISOs felt a need to make things sound better to the Board, 31% of C-suite executives believe their CISOs paint a brighter picture than the reality – and 30% felt CISOs are hesitant to raise concerns about their organization’s vulnerabilities.
- As far as organizational alignment, 58% of CISOs confirmed they struggle to translate technical language to senior leadership in a meaningful way. Meanwhile, 28% of C-suite executives believed their CISOs have a hard time translating technical terms into business terms, and 30% reported this difficulty when it comes to CISOs expressing cybersecurity risk in financial and material terms.
- While the research points toward a lack of trust and understanding, it also suggests significant leadership buy-in on solutions to help bridge the gap. In fact, 98% of C-suite executives surveyed supported more funding for CISO communications and presentation training, with nearly half characterizing this need as immediate.
To address this disconnect as well as the demand for actionable solutions, FTI Consulting created Secure Your Seat, a communications and presentation training program designed to sharpen CISOs’ skills for effectively engaging with Board and C-suite leaders to limit risk and close their cybersecurity communications gap.
“Clear, candid communication among leaders is a must-have for any organization to appropriately evaluate and protect against the amplified cybersecurity risks confronting all industries and sectors today,” stated Evan Roberts, a Senior Managing Director in FTI Consulting’s Cybersecurity & Data Privacy Communications practice. “When C-suite leaders lack insight into the threats they face, they struggle to allocate the right resources to maximize their resiliency and preparedness.”
Survey Methodology
FTI Consulting’s Digital & Insights practice conducted an online survey in November 2023 among 787 C-suite executives at organizations with 500+ employees across FTI Consulting’s key industries, representing companies with
FTI Consulting also conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with
About FTI Consulting
FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. With more than 7,900 employees located in 31 countries and territories, FTI Consulting professionals work closely with clients to anticipate, illuminate and overcome complex business challenges and make the most of opportunities. The Company generated
About Secure Your Seat
FTI Consulting’s Cybersecurity & Data Privacy Communications practice offers a one-of-its-kind, six-week training program that equips CISOs to serve as key strategic thinkers and communicators at the C-suite and Board levels. From one-on-one communications and presentation training, to building custom and effective cybersecurity Board reporting frameworks, and conducting a mock Board session in front of industry-leading cybersecurity professionals, Secure Your Seat gives CISOs the tools they need to close the cybersecurity communications gap with their organizational leadership. For more information and details on how to sign up, visit our website.
FTI Consulting, Inc.
555 12th Street NW
Washington, DC 20004
+1.202.312.9100
Investor Contact:
Mollie Hawkes
+1.617.747.1791
mollie.hawkes@fticonsulting.com
Media Contact:
Nick Emmons
+1.617.510.1676
Nick.Emmons@fticonsulting.com