The second “CISO (Chief Information Security Officer) in the spotlight” survey analyses the evolution of the CISO’s role over the past two years in Luxembourg


Conducted by the CPSI (College des Professionnels de la Sécurité de l’information) and PwC Luxembourg, the survey shows that, despite being under-represented in management committees (only 13% occupy a seat), a CISO, today, serves as a technical expert with clear business understanding and a risk mindset. The study also shows that 76% of CISO's now hold a full-time position, compared to just 53% two years ago.

<< Back
13/02/2019 |
  • Crystal Park

Rise of the CISO: The gradual coming of age of a role and an organisational culture

With the growing awareness that information security breaches expose organisations to severe operational, legal, financial and reputational risk, businesses are realising the benefits of embedding security consciousness, and hence the role of a CISO, into the organisational culture, and making it a core competency.

This is reflected in the latest CISO survey, conducted jointly by the CPSI and PwC Luxembourg. Compared to the results from the 2016 survey, this year’s report shows significant progress in various aspects related to a CISO’s role in an organisation.

There is a growing recognition of allocating a full-time role for the CISO/ISO (Information Security Officer) position. In 2016, just over half of the respondents reported that CISO/ISO roles were full-time. Today, over three quarters consider it to be a distinct, full-time job.

Whereas in 2016 no CISO/ISOs reported working at the executive committee level, today 13% report to the CEO. “The growing proximity to the CEO reflects the recognition of the CISO/ISO as being an executive level contributor, and the organisational seriousness towards information security,” said Greg Pitzer, Partner and Cybersecurity leader at PwC Luxembourg.

The report also shows that for nearly all companies, information security is a priority. As many as 65% of the companies that responded to the survey see it as being a necessity for their organisations. Companies that see information security as an enabler also value the opinion of their CISO/ISOs and take it into account in their decision making process. “If an existing configuration within a company affects the ability of a CISO/ISO to raise security concerns freely, they need to discuss this with the management to make sure they are involved in strategic information security-related decision-making,” added Pitzer.  

A role both complex and gratifying

Most CISO/ISOs (85%) admit that their jobs have become more complex than they were in 2016 due to the fact that the world has become increasingly interconnected and dependent on cloud technology. The key aspect that plagues CISO/ISOs is the reality that people are the weakest link in an organisation. The lack of qualified security professionals and negligent employees working in a complex IT environment are prone to cause the most damage.

“Companies need to establish a cybersecurity culture where everyone has the responsibility to observe and promote security practices and to behave in a way that is aligned with the information security strategy of a company,” said Rodolphe Mans, President, CPSI.

But, despite the increasing complexity of their job, the majority (92%) of the CISO/ISOs consider their role to be great and satisfying. For more information, read the full report here.

Back to top  | << Back

Communiqués liés

Crystal Park

PwC ManCo Index increases by 4.5% from 2018, mainly fuelled ...

4.5% growth and biggest level ever reached

CLT PwC Luxembourg

John Parkhouse builds a new Leadership Team for PwC Luxembou...

It is with great pleasure that PwC Luxembourg announces the new Country Leadersh...

IMG 8832
26/03/2019 Evènements

The 18th edition of “Banking Day” puts spotlight on the ...

Organised by PwC Luxembourg on 22 March 2019, this year’s Banking Day was abou...

IMG-0001 (2)

Les entreprises luxembourgeoises lancées dans la course à ...

À l’horizon 2019, les dirigeants luxembourgeois sont confiants quant aux pers...

JE19 (337)
06/03/2019 Evènements

13ème Journée de l’Economie

Protectionnisme, nationalisme et tensions commerciales mondiales sous les projec...

Crystal Park

The second “CISO (Chief Information Security Officer) in t...

Conducted by the CPSI (College des Professionnels de la Sécurité de l’inform...


Il n'y a aucun résultat pour votre recherche

We use cookies to ensure the best experience on our website. By accepting you agree the use of cookies. OK Learn more