Without a dedicated seat at the board, CISOs continually face pressure to downplay security findings that could be critical.
CISOs contend with increasingly advanced attacks, evolving compliance and regulation standards, and constant worry about what will happen to the company and themselves if a breach does occur. Stress, pressure, blame, and panic have become synonymous with the role.
A recent Checkmarx report, The Future of Application Security in the Era of AI, found that 95% of CISOs "feel pressured to suppress or delay compliance-related security findings." The report surveyed 2,350 developers, application security managers, and CISOs, and its findings are concerning.
The 95% figure came as no surprise to Darren Meyer, research advocate for Checkmarx. As a practitioner, he has himself been in the position of having to push CISOs to disclose.
"There is a lot of pressure on one hand to disclose and on the other: 'Hey, maybe not yet. Don't say anything until we have a really good solution,'" Meyer tells Dark Reading.
Mounting pressure affects transparency, and in some cases, failing to disclose could have a significant impact on customers and businesses, especially if a breach leads to legal action, he adds.
The Call Is Coming From Inside the House
CISOs don't face pressure from a single source. Instead, it comes from the board, public relations (PR), and product and sales teams. Some of it derives from C-level executives concerned about timing, who warn: "Don't talk about this before an earnings call," reveals Meyer.
It's not always a demand for CISOs to stay silent, but rather to wait. Time to delivery is one primary contributing factor, with someone asking the CISO to wait because the company needs to push out production, says Meyer.