Skip to main content
close search
site logo
Dive Brief

4 roles security organizations will see in 2021

Published Oct. 22, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
"Numbers And Finance" by Ken Teegardin is licensed under CC BY-SA 2.0

Dive Brief:

  • About 60% of CISOs are overwhelmed by "a high volume of information and data," according to a Gartner survey. At least half of CISOs are "overloaded" with security alerts. 
  • More than one-third of CISOs work between 50 to 75 hours a week, while 58% work between 35 to 50 hours. "There aren't enough hours in the day, and this is one of the problems that's inhibiting the creation of new security knowledge," said Jay Heiser, VP analyst at Gartner, while speaking at the Gartner IT Symposium/Xpo Americas Wednesday.
  • Next year, 30% of security programs will add two roles pertaining to risk and digital ecosystems, though they might not be considered a part of the security team, according to Gartner. Titles will vary, but Gartner expects the roles to include chief of staff for security, cloud security architect, security ombudsman and business liaison.

Dive Insight:

The uncertainty digital transformation thrusts onto security, pushes organizations to find the balance between "desire for change and the need for control," said Heiser. And that includes being adaptive to risk-based decisions on a daily basis instead of getting "trapped with old assumptions." 

The line of business needs "to understand what it is we do. If they overestimate or underestimate our form of service, if they take us for granted, or assume that we're not necessary, they're not going to understand the benefits of what we provide," said Heiser. The line of business will also be unable "to help us make good decisions," even though cybersecurity decisions will fall onto them more often. 

Gartner called for chief risk officers in 2016, though Heiser said the research firm got it slightly wrong as many companies lack a CRO. Instead, 71% of security leaders are more focused on information security than risk management and only 7% report their company's enterprise risk management team. 

"Every chief information security officer is expected to be a jack of all trades, but not all of them are doing all trades," said Heiser. "No two security leaders do the same task," which may be why 40% of CISOs are given "unrealistic expectations" by stakeholders. 

In a Gartner survey, 100% of security leaders said they're responsible for information security while 69% included IT risk management, followed by security operations center, data privacy and network security. Only half of leaders cite identity access management as part of their scope. Though far less, 32% of security leaders also claim product security as one of their responsibilities. 

"We're in a period of experimentation," said Heiser, and the digital demands of the business are forcing security out of silos. With a remote workforce especially, companies are divvying up security responsibilities for users to be self-sufficient. 

"The CISO is incapable of managing all emerging digital ecosystems without more technology to do it for them. "Unfortunately, everybody else in the IT department is also asking the CIO for new tools to help them," said Heiser.

Recommended Reading

Filed Under: Leadership & Careers

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Leadership & Careers
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell