State of the CSO 2015

Purpose and Methodology
SURVEY GOAL
Mitigating risk and keeping an organization secure continues to be a challenge. CSO’s annual State of the CSO survey is conducted to provide a complete overview of the evolving role of CSOs in today’s business climate, from security strategy, to metrics, budget and function ownership.
SURVEY METHOD
SURVEY SAMPLE
TOTAL RESPONDENTS: 366 Security Decision-Makers
MARGIN OF ERROR: +/- 5.1%
AUDIENCE BASE: CSOonline.com visitors, CSO LinkedIn Forum members and email invitations to audience.
COLLECTION: Online Questionnaire
NUMBER OF QUESTIONS: 26 (incl. demographics)
Source: State of the CSO Survey, CSO, 2015

Big Breaches = Security Practices Reevaluation
Q. Have recent big name data breaches (such as those experienced by eBay, Neiman Marcus and Target) caused your organization to reevaluate its information security standards?
Chart values: 49%, 44%, 7%
Chart legend: Not Reevaluating; Not Sure If They Are Reevaluating; Reevaluating

Most Likely to Directly Report to CEO
Q. To whom do you directly report?
Chief Executive Officer (CEO)/President/Owner/Partner: 23%
Chief Information Officer (CIO) or Equivalent: 21%
Chief Security Officer (CSO): 8%
Chief Financial Officer (CFO) or Equivalent: 8%
Chief Technology Officer (CTO) or Equivalent: 8%
Chief Operating Officer (COO) or Equivalent: 7%
Chief Risk Officer (CRO) or Other Risk Management Function: 4%
Other: 13%

Increasing Value in Managing Risk
Q. In the past 12 months, has your organization's senior management placed more, less or the same value on risk management?
Q. In the next 12 months, how do you expect the value senior management places on risk management to change?
Chart values: 51%, 13%, 35%, 70%, 5%, 19%
Chart categories: More Value; Less Value; No Change
Chart series: Past 12 Months; Next 12 Months

Collaboration Needed for Successful ERM Implementation
Q. Which of the following disciplines, departments or groups are included in your organization’s formal Enterprise Risk Management process? (base: use a formal ERM process that incorporates multiple types of risk)
Information Security: 87%
Business Continuity/Disaster Recovery: 82%
Executive Management: 77%
Financial Risk/Insurance: 72%
Physical/Corporate Security: 67%
General Counsel/Legal: 62%
Human Resources: 56%
Loss Prevention: 40%
Third Party Technology Ecosystem: 37%
Supply Chain: 35%
Sales/Marketing: 34%
Other: 5%
6.5 departments on average involved in formal ERM process

Satisfaction Decreasing with Security Vendors
Q. In general, how satisfied are you with the quality and relevance of products and services offered by security vendors?

Learn More
For more information on this study, contact Sue Yanovitch, VP of Marketing, at syanovitch@idgenterprise.com.
