CISOs: A shift in the chain of command

CISOs: A shift in the chain of command

The threat of data breaches and cyberhacking is more prominent than ever before, especially in the health care industry. According to Healthcare IT News, between February and March of this year, cyberhackers gained access to the health data of over 90 million people between two organizations. Officials are taking note and making the necessary adjustments. The 2015 HIMSS Cybersecurity Survey found that more than half of its respondents have taken action and hired a full-time expert to handle information security. Hiring chief information security officers as a measure to increase information security has become the No. 1 priority for a majority of health care professionals.

Playing a larger role
While the need for hiring in the information security role is understood, not all have recognized that CISOs are no longer working solely in the IT security sector. Their role has increased tenfold and now demands a wide range of expertise. Results from the HIMSS Cybersecurity Survey found that now CISOs are improving policies surrounding organization, establishing security breach strategies and alleviating any threats that do occur. They play a key role in working with government compliance authorities to secure information and are responsible for communicating and advising others in the company.

What does this mean for CIOs?
The demanding role of CISOs has caused a recent shift in the relationship with hospital CIOs. Both officers are of critical importance to the organizations that they serve even though they often have completely different backgrounds and, subsequently, distinct approaches. CIOs tend to be more business minded, while CISOs tend to come from technical backgrounds. In today's world of cybersecurity, however, their roles have begun to intertwine.

Although organizational structure inside office doors varies from company to company, Healthcare IT News reported that more often than not, CISOs are one level below chief information officers. With CISOs now working closely with executives in not just IT but also in legal, compliance and other areas, many have questioned whether this chain of command still makes the most sense. For example, the U.S. House Committee on Energy and Commerce has reorganized so that the two officials are now on the same level. Yet in the U.S. Department of Health and Human Services, the CISO still reports to the CIO, according to Healthcare IT News. Altering the hierarchy in health care organizations is an important step in reaching optimal information security.

The road ahead
When it comes down to it, it is no longer realistic for larger organizations to operate without a qualified CISO at the helm of data security. According to Healthcare IT News, the general partner at Silicon Valley venture capitalist Kleiner Perkins Caufield & Byers, Ted Schlein, noted this and the sudden rise in the need for CISOs across all industries. Schlein said that protecting health care information security today and moving forward into the future is more essential than ever.

"Chief information security officers are going to be rock stars in the future," said Schlein. "I would argue that they'll probably be the most highly paid people in corporate America and around the world going forward."

If experts in the field are correct, perhaps CISOs will even move ahead of their officiating counterparts somewhere down the line.