The CSO is the Most Important Executive in the Room

When I started working here in America over 20 years ago, I can remember having three executives who made up the “C-Suite” -  the Chief Executive Officer (CEO), Chief Financial Officer (CFO), and Chief Operations Officer (COO). As business and technology have evolved, so has the C-Suite. In 2014, the number of executives in the C-Suite has drastically grown, and there’s a rising trend for companies to create top-level titles around certain areas of expertise, such as security, technology and marketing.Companies like Dell and Kodak have appointed Chief Listeners to their C-Suite, while Google has designated a Chief Internet Evangelist. And Facebook hired not one, but two, Chief Privacy Officers. While positions like these provide added value and surely have some functional role within the company, when someone tells me about their Chief Culture Officer, I tend to become a little skeptical.On the other hand, there have been more vital additions to the C-Suite in recent years. Some of the most widely accepted new C-level executives to enter the meeting room include the Chief Information Officer (CIO), Chief Technology Officer (CTO), and Chief Marketing Officer (CMO). For this year, I believe the most important addition to the C-Suite has been the Chief Security Officer (CSO).

The CSO has become the most important leader in the room due to the all-time high for security breaches in the history of the Internet. The 2014 edition of Verizon's Data Breach Investigations Report, released on April 23, reported that there were 1,367 confirmed data breaches and 63,437 security incidents in 2013. Understanding the level of concern this is causing consumers, companies are spending more money on security programs than ever before.Gartner predicted that the global market on security spending will continue to rise rapidly and is on track to reach $86B+ by 2016. Given that Gartner has predicted the enterprise will be spending $207B on cloud services in that same time frame, that means companies will end up spending an additional 40 percent of their cloud investment on security alone.With this shift in priorities and such a major focus on security, the CIO and CTO can no longer absorb security duties. The need for a CSO is paramount.I like to think of the CSO as the X-factor, if you will, as an organization can now be completely torn apart by just one bad breach. Take Target, for example, who has traditionally been one of the strongest retailers in the business. According to Gartner security analyst Avivah Litan, they are now looking at over $400M in losses from their most recent breach. The damages have been staggering, and in Q4, Target’s net income fell 46 percent.The CSO is now tasked with multiple responsibilities to combat incidences like Target’s. It is no longer enough to just monitor and update company security software. The CSO needs to be proactive rather than reactive. It is the CSO’s job to be conducting active audits on a regular basis, ensuring the company has proper measures in place for any potential threat. The CSO needs to assess the types of attackers, as well as the types of data at risk, readying their company for any security situation it may face.With proper protocol and attention to detail by a responsible CSO, the Heartbleed vulnerability could have been avoided by a lot of the companies who were impacted. Major companies like Yahoo! and Amazon Web Services were forced to revoke and reissue all of their SSL certificates that were leaked by the bug, costing them millions of dollars. A simple line audit of code in the SSL Certificates by the CSO would have shown the vulnerability and allowed them to make the necessary changes.The CSO is now relied on more than ever and his/her role cannot be taken lightly. This role should be a staple for every executive team in business. They are no longer just risk experts but operationally responsible leaders. All parts of your executive team should have open lines of communication with the CSO to ensure optimal operation for the company in the safest environment possible.The CSO role is not a nice to have; it is a must have. So before your company decides to promote your next Chief Culture Officer or introduce a Chief Technology Prophet, make sure there is a CSO already seated in the room.*This post originally appeared on InfoTECH (part of TMCNet).