Press Releases

     View printer-friendly version
Back
FTI Consulting Survey Reveals CISOs Struggle to Effectively Articulate the Business Impact of Cyber Risks
Survey Highlights Critical Communications Struggles, with 66% of CISOs Surveyed Believing Their Senior Leadership Struggle to Understand CISOs’ Roles

WASHINGTON, Oct. 13, 2022 (GLOBE NEWSWIRE) -- A new survey from FTI Consulting, Inc. (NYSE: FCN) reveals the heightened pressure felt by chief information security officers (“CISOs”) as company boards and leadership seek to improve oversight of cyber risks in the face of growing regulatory, investor and media scrutiny. With CISOs required to regularly present to their boards, they now face the challenge of articulating cybersecurity risks and opportunities to an engaged audience, according to CISO: Communications Redefined, Navigating the Journey from Control Room to Boardroom.

This research explores the communications challenges facing CISOs and those in charge of information security and illuminates the struggles of CISOs and information security leaders to more clearly communicate — both internally and externally — their role, leadership and management of cybersecurity.

Among CISOs surveyed, 85% said that the prominence of cybersecurity on the board’s agenda has increased over the last 12 months, with 79% feeling heightened scrutiny from senior leadership. The lack of executive leadership understanding CISOs’ roles (55%) prevents CISOs from articulating critical priorities, with 53% saying their cybersecurity priorities are not completely aligned with their organizations’ C-suite leadership.

Despite this increased prominence, the majority of CISOs (58%) surveyed revealed their struggle to articulate technical information and effectively communicate cyber risk in a manner that the board and senior leadership can understand. Ultimately, a disconnect between the CISO and board and leadership priorities may negatively impact an organization’s ability to effectively prepare for and respond to a cyber incident.

“There is increasing evidence that boards and leadership teams recognize the growing cybersecurity risk to their organizations,” said Meredith Griffanti, a Senior Managing Director and Co-Leader of the Cybersecurity & Data Privacy Communications practice within the Strategic Communications segment at FTI Consulting. “But our research found a clear communication disconnect between executive teams and their CISOs that is hindering organizations from being fully prepared for this risk.”

Other key survey findings include:

  • With mounting pressure, 82% of CISOs claim that they feel the need to positively exaggerate their role to their board.
  • Even as cybersecurity awareness grows, 58% of CISOs struggle to communicate technical language to their boards, and 63% feel that their concerns are not aligned with senior leadership priorities, potentially leaving companies exposed to a possible incident or regulatory sanction.
  • While 88% of CISOs surveyed have experienced a cyber incident in the last 12 months, 46% of the respondents claim these incidents were not mitigated quickly and continue to struggle to rebuild trust and confidence among leadership following the incident.
  • 52% of CISOs claim that managing communications with internal and external stakeholders is the biggest challenge when responding to an incident, and 63% believe that their cyber concerns are not fully aligned with senior leadership’s priorities and could leave companies exposed to a possible incident or regulatory sanction.

While 66% of CISOs feel that their senior leadership struggle to understand the CISO’s role, over half state that they struggle to communicate technical language in a way their board members can comprehend. In response to those results, FTI Consulting asked if respondents would benefit from communications training, and 91% said communications coaching would positively impact their role. Therefore, in the coming months, FTI Consulting will deliver Secure Your Seat, a program that prepares CISOs to successfully navigate between the control room and the boardroom, communicate their value to the board and C-suite peers, and manage the expectations of senior leadership. This communications training program is set to launch in the near future.

Survey Methodology
FTI Consulting’s Cybersecurity & Data Privacy Communications practice conducted an online survey between June and July 2022 of 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.

About FTI Consulting 
FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. With more than 7,000 employees located in 30 countries, FTI Consulting professionals work closely with clients to anticipate, illuminate and overcome complex business challenges and make the most of opportunities. The Company generated $2.78 billion in revenues during fiscal year 2021. In certain jurisdictions, FTI Consulting’s services are provided through distinct legal entities that are separately capitalized and independently managed. For more information, visit www.fticonsulting.com and connect with us on Twitter (@FTIConsulting), Facebook and LinkedIn.

FTI Consulting, Inc.  
555 12th Street NW  
Washington, DC 20004  
+1.202.312.9100 

Investor Contact:  
Mollie Hawkes 
+1.617.747.1791 
mollie.hawkes@fticonsulting.com

Media Contact:  
Matthew Bashalany 
+1.617.897.1545 
matthew.bashalany@fticonsulting.com


Primary Logo

Source: FTI Consulting, Inc.

More Info

Investor Relations Contacts

Mollie Hawkes

Head of Marketing, Communications & Investor Relations

+1 617-747-1791

Megan McLaughlin Hawkins

Senior Director, Investor Relations & Communications

+1 617-747-1740

©2025 FTI Consulting, Inc. All rights reserved. FTI Technology is a segment within the FTI Consulting, Inc. network of affiliated entities worldwide, and is operated as a distinct legal entity in certain jurisdictions, including the U.S. and Australia.

Legal Privacy