Some of the largest U.S. companies are looking to hire cybersecurity experts in newly elevated positions and bring technologists on to their boards, a sign that corporate America is increasingly worried about hacking threats, Reuters reports.
JPMorgan Chase & Co, PepsiCo Inc, Cardinal Health Inc, Deere & Co and The United Services Automobile Association (USAA) are among the Fortune 500 companies seeking chief information security officers (CISOs) and other security personnel to shore up their cyber defenses, according to people with knowledge of the matter.
While a CISO typically reports to a company's chief information officer (CIO), some of the hiring discussions now involve giving them a direct line to the chief executive and the board, consultants and executives said. After high-profile data breaches such as last year's attack on U.S. retailer Target Corp, there is now an expectation that CISOs understand not just technology but also a company's business and risk management.
"The trend that we are seeing is that organizations are elevating the position of the CISO to be a peer of the CIO and having equal voice associated with resource priorities and risk decisions," said Barry Hensley, executive director at Dell SecureWorks' Counter Threat Unit.
Large corporations have recently hired CISOs for between $500,000 and $700,000 a year, according to Matt Comyns, global co-head of the cybersecurity practice at search firm Russell Reynolds Associates. Compensation for CISOs at some technology companies with generous equity grants have reached as high as $2 million, he said.
In comparison, CISOs who have been with a company for five or more years are on $200,000 to $300,000 per year, Comyns said, according to Reuters
Security experts have often criticized corporate America for being too complacent about cyber risks and for not doing enough to protect their computer networks from hackers.
A recent PwC survey found the vast majority of cybersecurity programs fell far short of guidelines drafted by the Commerce Department's National Institute of Standards and Technology (NIST). Only 28 percent of more than 500 executives surveyed said their company had a CISO or Chief Security Officer.
Recruiters and executives said companies are increasing both the size and budget of their security teams. By the end of 2014, JPMorgan's annual cybersecurity budget will rise to $250 million from $200 million in 2012, CEO Jamie Dimon said in April. And the largest U.S. bank will have about 1,000 people focused on cybersecurity, compared with 600 people two years ago, he said.
A JPMorgan spokesman said the bank will continue to invest and expand its security team, but declined to confirm if the firm was looking for a CISO.
As companies look for CISOs, many boards are seeking directors with technology know-how so that they can better understand cyber risks. Matt Aiello, co-head of the cyber practice at Heidrick & Struggles, said he is seeing "unprecedented" demand for CIOs to serve on boards.