Chief information security officers (CISOs) are increasingly finding themselves pulled into sales engagements to vouch for their company's product or service cybersecurity. Participating in sales calls is a departure from a CISO's tradition role as a high-level security czar, setting company policies and procedures. The survey suggests a shift in duties of tradition C-suite employees.
According to a recent study, 84% of CISOs have been dragged into sales-related engagements. An even higher number of CISOs (96%) told Checkmarx in a survey (registration required) released Wednesday that potential buyers are increasingly asking the right question: is your product or service secure?
Those takeaways are from a survey of 200 CISOs and executives by Checkmarx conducted in March.
Cybersecurity professionals in the banking and financial services industry were called upon the most, as 50% of CISOs in those industries said AppSec is strongly considered in purchasing decisions compared with 24% in the industrial and manufacturing industry.
When asked how often they have been pulled into sales engagements, 45.5% of CISOs said “very often,” while 38% replied “often.”
"The CISOs we work with are increasingly called to demonstrate the security of their businesses' products and services in sales engagements, and in board discussions they're presented with more opportunities to shape organizational processes,” said Sandeep Johri, Checkmarx CEO, in a news release.
Checkmarx said CISOs have traditionally been focused on the risk management of their organizations and have been seen as a drag on the business instead of an important enabler of business growth. But as the Checkmarx survey suggested, AppSec is becoming an important factor in driving sales.
The survey found 42% of respondents said they make their application security reports public, while 44% said they are willing to show their reports upon request from potential buyers.
In addition to sales, more than three-quarters (77%) of CISOs said that at least half of their organization’s business runs on applications they are responsible for securing.
Just over half of respondents, 51%, said application security is a bigger priority for their company’s CEOs or boards this year compared with last year, while 73% said their AppSec budgets increased in 2023.