In many companies, cybersecurity remains part of Information Technology, making the CIO a relevant persona to manage cybersecurity risk. This academic research paper seeks to determine how CIO characteristics influence the likelihood of a breach.
How does the public disclosure of a CIO affect the potential for a breach?
- The study found that firms that publicly disclose a CIO's presence are more likely to be breached.
- How do differences between individual CIOs’ characteristics affect the chances of a breach?
- Firms that have CIOs with past technology experience, outside board membership, and tenure as CIOs are less likely to be breached.
Yet CIOs who have been employed in the company for a long time (as roles other than just CIO)are more likely to experience a breach.
Why does this matter for businesses?
- The paper highlights the importance of CIOs and their characteristics in managing cybersecurity risk.
- Following the evidence from the study, companies should consider hiring CIOs with past technology experience, previous CIO experience and time served on external boards to minimise the likelihood of a successful breach (but this isn’t a generalisable recommendation).