From the folder of “Security Doesn’t Matter”, Krebs looked at how many Top 500 companies have security people in executive management roles:
found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO).Only a little more than a third even listed a CTO in their executive leadership pages.
Not surprising. The reality is that security doesn’t matter because its not important. Certainly it is less important than Management, Sales, HR, Accounting and other traditional, non-technical roles.
Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.
Link: A Chief Security Concern for Executive Teams — Krebs on Security – https://krebsonsecurity.com/2018/12/a-chief-security-concern-for-executive-teams/