Shifting Regulations and Emerging Threats Cause Nearly a Third of CISOs to Consider Leaving Their Roles

A new Devo and Wakefield Research survey found that 66% of CISOs have taken action to protect themselves from legal fallout

BOSTON, April 23, 2024 (GLOBE NEWSWIRE) -- Devo Technology, the security data analytics company, today unveiled the results of a new study examining the evolving role of the CISO and their sentiments toward the shifting threat and regulatory landscape. The survey found that new regulations, such as the U.S. Security and Exchange Commission’s (SEC) cybersecurity rules, have caused CISOs to reconsider their roles and take action to protect themselves should they find themselves involved in legal trouble.

The survey, conducted by Wakefield Research on behalf of Devo, demonstrates that many CISOs feel uneasy about emerging regulations and new threats and also feel there is a general lack of understanding about the CISO role.

CISOs Eye the Exit and Focus on Protecting Themselves
Respondents to the survey reported they felt the pressure of their roles mounting on them. More specifically:

  • Nearly one in three (32%) of the CISOs surveyed think about leaving their roles because of the constantly changing threat and regulatory environment.
  • A strong majority (66%) have taken action to protect themselves, with 52% of the respondents saying they obtained an indemnification agreement with their organization to ensure the company covers the costs of defending against any potential lawsuits or investigations.
  • Furthermore, 47% of respondents asked their organizations to provide personal liability insurance or other cyber liability policies, while 31% sought outside legal counsel to protect themselves.

The SEC Cybersecurity Rules in Focus
The regulatory landscape constantly shifts, with new country- and industry-specific regulations emerging regularly. The SEC cybersecurity rules are the latest and most-discussed rules recently implemented, and CISOs have poignant thoughts about them:

  • 54% of the survey respondents said they were not very prepared to comply with the new SEC rules, especially those at companies with 2,500 or more employees (61%).
  • CISOs admit to struggling with the SEC rules due to issues relating to internal alignment between departments (30%) and their ability to gather data from different departments (27%).

Split Reporting Structures and CISO Role Ambiguity
The survey found that not all CISOs have a direct line to the CEO. Additionally, the survey shed light on how CISOs felt the role was perceived across their organizations and what CISOs' top priorities are going forward:

  • Over half (53%) of respondents report to their CIO or other IT leaders, while 44% report to their CEO. The survey found that those who reported to the CEO were more likely to struggle to comply with the SEC rules (97%) than those who reported to the CIO or other IT leaders (37%).
  • Over 60% of respondents reported that their organization is failing to communicate the CISO role, with a quarter of the respondents sharing that they think their organization doesn’t place enough emphasis on the importance of cybersecurity when speaking about the CISO role to the broader organization.
  • As CISOs navigate these challenges, the respondents were clear on their top three needs to do their jobs effectively, with 69% of CISOs focused on security technology integration, 68% on security strategy and governance, and 58% on legal compliance and collaboration.

“The CISO role is notoriously ambiguous, as security needs can vary greatly from one organization to another,” said Devo CISO Kayla Williams. “New regulations and threats are causing many to pause and reflect on whether they want this job and, if they do, how they can protect themselves. However, CISOs should look at emerging rules and regulations as an opportunity to advocate for what they need to do their jobs effectively.”

Read the full survey results in Devo’s "The Modern CISO" guide, which also features additional data and insights from Keyfactor, CyberSN, and CISOs from leading organizations.

Devo is also exhibiting at booth #343 at the 2024 RSA Conference from May 6-9:

  • The Modern CISO Guide Giveaway: Devo is giving away free hard copies of its newly published guide, “The Modern CISO: An Essential Guide for CISO Success.”
  • CISOs in the Hot Seat Panel Discussion: On Wednesday, May 8, Devo CISO Kayla Williams and industry-leading CISOs will discuss the changing threat and regulatory landscape, providing practical advice on addressing these challenges head-on.

To learn more about Devo’s RSAC presence, visit this page:

Survey Methodology
The Devo Survey was conducted by Wakefield Research among 200 CISOs from larger organizations, defined as companies with $500 million+ in revenue, between February 20 and March 1, 2024, using an email invitation and an online survey.

Devo Technology replaces traditional SIEMs with a real-time security data platform. Devo’s integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real time. Headquartered in Boston, Massachusetts, with operations in North America, Europe and Asia Pacific, Devo is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at


Contact Data