Chief Information Security Officers on Top Management Teams: Impact on Firms’ Innovation

The growing frequency of information security breaches and the rising importance of cybersecurity have prompted many firms to include chief information security officers (CISOs) in their top management teams (TMTs). Although CISOs are often viewed narrowly through a security-focused lens, our research shows that their inclusion in TMTs can offer a strategic advantage by significantly enhancing firm innovation. We identify three mechanisms that explain this effect: (1) reducing preventable security risks that might otherwise hinder innovation efforts; (2) enabling the adoption of innovation technologies (e.g., cloud computing, big data) that carry strategic security risks; and (3) strengthening security controls that protect intellectual property and mitigate innovation-related threats. Importantly, the CISO’s background matters. Those with specialized experience—either in the same industry or with prior executive roles—have a stronger impact on driving innovation. This research illuminates how CISOs’ presence on TMTs affects firms’ value creation from a security risk management perspective, and provides guidance for firms seeking to hire CISOs for innovation.