Security experts advise CISOs to consider such perception problems when setting security strategies and communicating cybersecurity’s value to colleagues and the board. For example, by emphasizing authentication behavioral analytics and other forms of passwordless protections, CISOs can show how their approaches deliver better protections with less friction, thereby helping lines of business (LOBs) to do their jobs securely and without unnecessary end-user effort.
Jeff Pollard, a vice president and principal analyst at Forrester, says another factor that undermines CISO-LOB and CISO-CEO relationships is the way that enterprise compensation is determined, a process that unintentionally sets CISOs on a collision course with LOB execs, the CEO, and the CFO.
“Think about the CEO and the LOB executives. They all have a P&L because they run a line of business. The vast majority of CISOs, however, have a budget but no P&L. That is a drastic difference,” Pollard says, adding that this common situation makes the CISO’s department look like just a cost center.
