Common Mistakes Chief Security Officers Make

Common Mistakes Chief Security Officers Make

Here are 3 common mistakes chief security officers (CSO) make: Not prioritizing risks:

Certain things might feel risky, but they’re not, while certain other things might feel safe, but they’re risky.


A turbulent flight feels dangerous but is often not, whereas passive smoking might feel safe but is highly risky.

A good CSO can differentiate between what “feels” risky and actual risk.

This allows them to prioritize and mitigate risks effectively. Not alternating between business and technical hats:

A CSO needs to zoom in on technical aspects like:

  • getting the right tools
  • making sure that all those tools communicate to each other and turn noise into actionable insights
  • using clear KPIs and scorecards to drive change
  • building a high-performance team

At the same time, they need to zoom out and focus on:

  • articulating the strategy to other stakeholders
  • conveying the value of a security program and championing the security team
  • being a true business partner to other executives and the board Being reactive, instead of being proactive

80% of the budget today in companies goes towards technologies like firewalls and intrusion detection systems.

These are reactive programs that wait until there is an attack and then start the investigation to stop the attacker.

A CSO must shift the focus to being proactive by always assuming that the attacker is going to get in.

They need to look at:

  • How do you design the system such that it’s as hard to exfiltrate information as possible?
  • How do you start measuring and quantifying risk?
  • What metrics, ratings, and KPIs to use for driving cybersecurity decisions?

3 key responsibilities of a CSO:

  • Prioritize risks
  • Wear both technical and business hats
  • Be proactive

What no. 4 according to you?


SecurityScorecard is the global leader in cybersecurity ratings and the only
service with over 12 million companies continuously rated. The company is headquartered in New York and operates in 64 countries around the globe.

#cybersecurity #cyberrisk #cyberratings #linkedin