In fact, the role of CISO is likely to morph into more of a consultative function, Durbin says. "CISOs will need to be consultants and salesmen," he says. "They need to be able to look into the business strategy and then sell the appropriate concepts of how to manage information security risk in a consultative fashion."
In time, "we may see the arrival of a new [position] at the board level, like chief digital officer, someone responsible for managing the organization's role in cyberspace and who naturally oversees all cybersecurity matters," Durbin says.
Regardless of how things pan out for security executives, organizations need to take steps to strengthen the security function.
"There is clearly a gap; the question is, how do we bridge it?" Durbin says. "As we move more into the cloud, mobile technology and social media, it's especially incumbent on businesses to understand the risk."
Sign up for CIO Asia eNewsletters.