Regulations and compliance make the job of the CSO more difficult than ever

News by SC Staff

The role of the chief security officer (CSO) is more challenging than ever before.


A survey at the CSO Interchange, held last week in the City of London, found that 64 per cent of CSOs comply with regulatory requirements because of the risk of incurring major penalties, reputational damage and/or the loss of vital licenses to operate.


The survey also found that 16 per cent claimed to be motivated by a belief that it would improve their risk profile or level of security and 16 per cent claimed that regulations had no real influence at all on their actions.


From this, 66 per cent agreed that regulatory requirements were ill-defined and left CSOs and organisations at the mercy of expensive consultative interpretation. A further 31 per cent considered existing regulations to be overly complex, burdensome and costly to implement.


Meanwhile, 64 per cent expressed the belief that the task of securing their network is more difficult today than a year ago, with just seven per cent thinking it was easier and 28 per cent believing that it was the same as a year ago.


Marcus Alldrick, CISO of Lloyd's and a moderator for the round table on compliance, said: “The predominant feeling of the group was that regulations were increasingly becoming prescriptive with the end customer specifically in mind, rather than principle based with organisations incorporating them in their business models.


“The group also commented on the resulting increased level of complexity for organisations operating across national boundaries where different regulations applied, which made the CSO job particularly difficult.”


Philippe Courtot, CEO of Qualys and founder of CSO Interchange, said: “The discussions once again highlighted the difficult and complex role of the CSO: fighting organised crime, dealing with limited budget, educating users, responding to the business need for more third party interaction - which naturally increases security risks - and having to ensure that corporations answer regulatory requirements. Our job as a security vendor is to help CSOs meet these challenges in the most effective way possible.”

