A recent report highlights that 95% of Chief Information Security Officers (CISOs) feel pressured to delay or suppress the disclosure of negative security findings. This pressure arises from various sources including the board, PR teams, and C-level executives who prioritize business objectives over transparency. CISOs face a balancing act between customer service and maintaining security integrity.
Many times, this pressure leads to a culture that treats security disclosures as obstacles rather than necessary insights. Experts suggest involving CISOs in broader business strategy discussions could alleviate these pressures and promote a culture of transparency.