Information technology (IT) is widely recognized as a critical component of business operations, but the security of a company's IT often does not receive as much attention. Breaches of a company's cybersecurity can result in serious losses, not only due to direct theft, but also through potential liability to regulators and customers. Despite some highly-publicized cybersecurity breaches, a recent survey of top-level corporate executives found that nearly three-fourths of those surveyed did not think the Chief Information Security Officers (CISOs) merit a place at a corporation's "leadership table." Nearly half of them see the role of a CISO as someone to take the fall if a breach occurs. Businesses, including small businesses and entrepreneurs, should seriously consider allocating resources to protect their IT.
The technology industry publication SearchSecurity defines a CISO as the executive "responsible for aligning security initiatives with enterprise programs and business objectives," and with "ensuring that information assets and technologies are adequately protected. This includes maintaining oversight of a company's entire system of computers and computer networks, which can be a colossal task in a large organization. A CISO must keep a company's hardware, software, and data safe from intrusion by both outsiders and insiders, while allowing business operations to run unhindered.
The role of the CISO has grown in importance recently, particularly after several large and highly-publicized cybersecurity breaches at major retail chains like Target and Home Depot, which exposed the personal financial information of millions of consumers. Target announced that it hired a CISO about six months after its breach. Since information is vulnerable from both cyberattacks via the internet or another network and physical intrusions on a company's hardware, some corporations merge a CISO's role with that of a chief security officer (CSO), commonly responsible for the security of a business' physical assets.