CISOs Challenges & Priorities
Survey Analysis Report
This document provides a thorough understanding of the Challenges and Priorities faced by Chief Information Security Officers (CISOs) or equivalent of companies operating in sectors such as energy, transport, finance, health, food, utilities, public sector, telecommunications, and manufacturing, among others.
The findings of this report are based on an EU-wide survey successfully run by ECSO from November 2020 to January 2021 addressed to CISOs or equivalent, from all over Europe and from a wide range of sectors.
With more than 100 CISO contributions, this document explores a wide panel of priorities and challenges for CISOs, both inside their organisations (three focus points: Certification, Code of Conduct, Board of Directors) and outside (two focus points: Information Sharing, Procurement).
The report proposes both a deep dive sector by sector analysis and a set of cross-sector recommendations on:
- CISOs Roles and Responsibilities
- Budget and investments
- Strategic Information Sharing between CISOs
- Company culture
ECSO to launch a European CISO Community
As a result of this analysis, ECSO announces its intention to create the CISOs European Community (CEC) in the 2nd half of 2021. The CEC will establish a network of cross-sector and cross-border CISOs and facilitate information/strategic intelligence sharing among CISOs supported by a dedicated secure platform initiated by a special collaboration between Intesa Sanpaolo bank and Electricité de France (EDF).
- Survey Analysis Report: CISO's Challenges and Priorities - April 2021
- Sector brochures: Energy, Finance, Health, Transport
- Cross-sector recommendations
What is the Users Committee?The ECSO Users Committee is a European transversal (cross-border and cross-sector) committee where Users and Operators of Essential Services (OES) can share sensitive information and strategic intelligence on cyber threats in a confidential and trusted way. It is our understanding that Users and OES are the drivers of all activity on the European cybersecurity and digital market, and while a dialogue with the public sector already exists, often at the national level, a complementary dialogue with the private sector is also necessary to create a direct impact at the European level.
More information here.