{"id":5558,"date":"2025-10-28T07:00:00","date_gmt":"2025-10-28T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5558"},"modified":"2025-10-28T07:00:00","modified_gmt":"2025-10-28T07:00:00","slug":"70-of-cisos-say-internal-conflicts-more-damaging-than-cyberattacks","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5558","title":{"rendered":"70% of CISOs say internal conflicts more damaging than cyberattacks"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself.<\/p>\n<p>\u201cCISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response despite major investments in tools and talent,\u201d concludes the <a href=\"https:\/\/cytactic.com\/resources\/cybersecurity-incident-response-management-report-2025\/\">Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report<\/a>, based on a survey of 480 senior US cybersecurity leaders. \u201cBlurred authority and shifting responsibilities frequently delay response efforts, creating more\u00a0disruption than the attackers themselves.\u201d<\/p>\n<p>But analysts and security specialists say much of the problem stems from alignment and perception issues that have taken hold well before cyberattacks require all-hands response, such as the incorrect belief that everything a CISO proposes slows down operations, making it harder to achieve revenue targets.<\/p>\n<p>Security experts advise CISOs to consider such perception problems when setting security strategies and communicating cybersecurity\u2019s value to colleagues and the board. 
For example, by emphasizing authentication behavioral analytics and other forms of passwordless protections, CISOs can show how their approaches deliver better protections with less friction, thereby helping lines of business (LOBs) to do their jobs securely and without unnecessary end-user effort.<\/p>\n<p><a href=\"https:\/\/www.forrester.com\/analyst-bio\/jeff-pollard\/BIO10584\">Jeff Pollard<\/a>, a vice president and principal analyst at Forrester, says another factor that undermines CISO-LOB and CISO-CEO relationships is the way that enterprise compensation is determined, a process that unintentionally sets CISOs on a collision course with LOB execs, the CEO, and the CFO.<\/p>\n<p>\u201cThink about the CEO and the LOB executives. They all have a P&amp;L because they run a line of business. The vast majority of CISOs, however, have a budget but no P&amp;L. That is a drastic difference,\u201d Pollard says, adding that this common situation makes the CISO\u2019s department look like just a cost center.<\/p>\n<p>To fix that disconnect, Pollard says, CISOs must remind their CEO and LOB colleagues \u2014 loudly and often \u2014 that security initiatives indeed deliver revenue, market share, and customer retention.<\/p>\n<p>\u201cEvery single customer that is rolling into those lines of business\u201d are \u201cfilling out third-party risk management questionnaires and they are looking at audits,\u201d Pollard says. \u201cWhat CISOs are failing to do is showcasing that fact by saying things like, \u2018When we bought that tool, it was not because we were bored. It was because one of your customers was asking, \u2018Hey! What are you doing about web attacks on services from you that we use?\u2019\u201d<\/p>\n<p>Pollard continues: \u201cThat\u2019s where CISOs help with revenue. 
It\u2019s because somewhere there is a customer \u2014 and probably a big one \u2014 who wanted it.\u201d<\/p>\n<p>Pollard advises security leaders to tell their CEOs and business colleagues, \u201c\u2018I am not introducing friction. I am delivering what our customers are forcing us to do.\u2019 Showcase the reason why you are doing what you are doing. \u2018Because it\u2019s your customers who are asking for these things.\u2019\u201d<\/p>\n<p>Cybersecurity consultant <a href=\"https:\/\/formergov.com\/directory\/brianlevine\">Brian Levine<\/a>, a former federal prosecutor who today serves as executive director of FormerGov, a directory of former government and military specialists, argues that the differing approaches of different company executives should also be spun as a good thing.\u00a0<\/p>\n<p>\u201cYou want to have the conflict. The different incentives and motivations and expertise allow different ways of thinking about the company and finding ways to make it successful,\u201d Levine explains. \u201cThe first thing is to not see that conflict as the problem.\u201d<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/cj-dietzman-cissp-cisa\/\">CJ Dietzman<\/a>, senior vice president at Alliant Insurance Services, says CISOs also need to focus on what every LOB needs and try to address that. In other words, put the business first and address cybersecurity within that context. If CISOs can help their LOB exec colleagues deliver to their targets, cybersecurity will have their loyalty and support \u2014 which will go a long way toward easing internal tensions when a cyber crisis arises.\u00a0<\/p>\n<p>\u201cKnow your business, CISO,\u201d Dietzman says. \u201cYou should never lead with cybersecurity.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Roughly 70% of security executives believe internal conflicts during a crisis cause more problems than the cyberattack itself. 
\u201cCISO-CEO tension, unclear authority, unrehearsed scenarios, and communication gaps between key teams cripple breach response despite major investments in tools and talent,\u201d concludes the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report, based on a [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5559,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5558","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5558"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5558"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5558\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5559"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5558"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5558"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5558"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}