You would be hard-pressed to identify a role that has seen a greater increase in importance and growth over the past two years — across industries — than the CISO. In 2019, nearly 40% of the Fortune 500 was without a CISO; now that number is almost zero. Furthermore, it’s not just the Fortune 500 who are seeking out security leadership today; companies across growth stages are competing for a limited, but increasing, pool of qualified security executives.
Further amplifying the demand for security leaders is the SEC’s proposed new cybersecurity disclosure rules for public companies that stress the importance of cybersecurity expertise and inclusion on boards as a critical part of corporate governance and board oversight going forward. In preparation, public company boards will want to make sure that their companies are taking steps towards compliance now.
Where SPMB can help…
Finding the perfect security expert for your business is unlike any other executive hire given the unique nature of the role and how security impacts your business, influences your product, and enables your customers. SPMB’s Security practice — named one of the top 40 cybersecurity firms by Hunt Scanlon — recently aggregated data and key takeaways from our search work. We paired our data with some industry research, to shed light on when and how to hire the right CISO to fit your business’ unique needs.
Our CISO Practice | By The Numbers
PLACEMENTS (2020 – Present):
~60% self-identify as diverse hires.
~50% moved from traditional, highly regulated verticals, into software/technology companies.
~55% of companies were hiring their first external CISO.
>$100M CISOs are no longer just for the $B public company. In 2021, we led the search for a sub $100M company, and this number continues to decrease as the function’s importance increases.
~91% of boards are not extremely confident they are protected from the risks that face their company, up from 80% a year ago.
~39% of companies have cybersecurity as a standing agenda item for quarterly board meetings, up 10% since the previous year.
~17% of CISOs at F500 companies are women and 21% are non-white.
$6.3M is the average ransom paid by a US company successfully targeted by ransomware.
Sources: Tapestry Networks and Marlin Hawk.
C-Level Security Talent | Key Takeaways
KEY DEVELOPMENTS FOR THE CISO FUNCTION:
- BOARD EXPOSURE IS CRITICAL. As companies continue to drive awareness around security threats, it’s critical that a company’s board understands these threats. Security leaders who can outline a strategy, secure funding, execute a plan, and articulate results to the board (and beyond) are the standard today.
- SECURITY IS YOUR SALES SECRET WEAPON. Your customers are seeking guidance and input from their vendor’s security leader. Leveraging your CISO’s expertise in the sales process builds credibility, creates a feedback loop for product improvements, and creates a level of trust with your customers that is irreplaceable.
- BROADENED REMIT. Security is no longer a silo. Not only is security top of mind across every part of your organization, but it’s paramount that your security leader is involved in nearly every part of your business. Security leaders’ expanded role goes beyond sales — they are now involved in early-stage product development, serve as a critical partner to legal and finance, and have direct access and regular 1v1 time with the CEO.
- REPORTING STRUCTURE REMAINS TOP OF MIND. There will never be a perfect answer to the question “where should my CISO report?” You can make a case for almost any reporting structure, whether it’s into your CIO, CTO, COO, CFO, or even General Counsel. The slow, but present, trend is having your CISO report directly to the CEO, especially in cases where they have an expanded remit beyond traditional security.
SPMB’s Recent Placements | Security Leadership Projects
- CDK Global | Chief Information Security Officer
- Fortive | Chief Information Security Officer
- Procore | Chief Information Security Officer
- Gigamon | Chief Information Security Officer (Active)
- Cradlepoint | Chief Security & Trust Officer
- Vontier | Chief Information Security Officer
- Lucid Motors | Sr. Director of Security & Compliance
- DNANexus | Vice President, Security & IT
Radley Meyers, SPMB Client Partner
Radley partners with a variety of technology and tech-enabled-services companies placing senior-level executives. Clients include venture capital-funded, private equity-backed, and publicly traded companies. His core expertise is in security. He leads the CISO practice at SPMB, focused on helping companies identify security leaders to define and build out their security strategy. Radley also spends his time building out the executive teams at top security companies. This combined search experience provides him with a unique perspective and deep understanding of the security market from all sides.