In this year’s ClubCISO Maturity Survey, security awareness was ranked as the second most important topic for our CISOs, after GDPR. Internal training on cyber security awareness is now big business, and organisations have been investing more of their time and money into training. But how do you know that it is working?
The General Data Protection Regulation (GDPR) is less than 265 days away from coming into force. By now, every IT security professional has heard about it, and the fear of non-compliance with the new regulation — due to its harsh financial consequences — is even reaching the boardroom agenda. But what is not being reported is that the GDPR is actually a very positive event.
The IT skills shortage around information security has been a hotly debated topic for many years, and many experts suggest it will only get worse. The unfortunate truth? Those experts seem to be right, at least according to the 2017 ClubCISO report. The question is, how do businesses even begin to shore up their talent pools?
While the full results of the 2017 report are enlightening and hugely optimistic across the board, we wanted to highlight three areas that sum up the challenges and opportunities for CISOs in today’s enterprise: their role; the relationship with their company boards; and the importance of understanding people and their behaviours.