How can CISOs capitalize on their seat at the table?

According to Gartner’s Board of Directors Survey, 69% of directors confirmed that the effects of the pandemic and the economic crisis dramatically accelerated digital business initiatives in 2020.[1] However, necessity does not always breed success. New risk has been introduced, new access points have emerged, and new technologies need to be secured. As a result, the Chief Information Security Officer (CISO) has gained new-found influence within their organization. This is influence that leading CISOs are using to build stronger security programs. By doing so, they are actively improving security posture while delivering increased business value.

[1] Gartner Says 69% of Boards of Directors Accelerated Their Digital Business Initiatives Following COVID-19 Disruption, September 30, 2020

CISOs have a business-critical role in the new normal

Covid-19 lockdowns have raised the visibility of security as a business issue. CISOs, at the helm of security strategy, now have an unprecedented seat at the boardroom table. According to PwC research, “a majority of CISOs have interacted more frequently with their CEOs (65%) and the boards (50%) during the crisis. In 2019, only 33% of all business and IT executives said that their cyber team communicates effectively with the board and senior executives about cyber risks and adjacent risks.”[1]

A further PWC report points to two-fifths of C-level executives agreeing that there will be more frequent interactions between the CISO and CEO or board in 2021.[2] The opportunity has arrived for CISOs to embed security into the fabric of the organization’s business strategy.

[1] Digital Trust Insights Pulse Survey, PwC, May 2020

[2] PWC, Cyber Security Strategy 2021, November 2020

Six priorities held by forward-leaning CISOs

To make the best use of their newfound seat at the table, CISOs must proactively address the new normal by advocating for the changes necessary to reduce risk. This is a significant task that requires radical security transformation. As well as managing the new complexities and risk introduced by accelerated digital transformation initiatives, organizations need to gain a handle on existing and pervasive risk within their environment. Organizations that are ambitious about the speed and scale of their digitization plans will be more successful if they collaborate with their security chiefs from the start.

To support business-critical digital transformation initiatives while addressing legacy security issues and improving security posture, CISOs have six key priorities.

  1. Retain talent

Digital transformation requires an organization to attract and retain the security industry’s best and brightest talent. With PWC predicting that there are likely going to be 3.5 million unfilled cybersecurity positions globally by 2021[1], the competition for top talent is incredibly fierce and the challenges associated with retaining staff are pronounced. There are opportunities to turn the tide. Covid-19 is an opportunity for organizations to utilize the new normal of ‘work-from-anywhere’ to provide the flexibility that many employees want and compete for those finite resources.

  1. Build resilience

No cybersecurity solution is capable of protecting against every possible form of cyberthreat. Therefore, security programs need to be able to effectively mitigate damage to systems, processes, and reputation, and continue operating once those systems or data have been compromised. They need to address both adversarial threats as well as simple human error.

This includes determining who gains access to the network and how, pinpointing what are the most important assets and services, making sure all critical data is protected, and identifying what controls must be updated to function in a predominately remote workforce.

  1. Accelerate cloud adoption

Cloud services are now a prerequisite for operational agility and business continuity. While the CISO must continue to accelerate cloud adoption to support an ecosystem approach to business operations, they must also ensure that connections are safe, secure, compliant, and aligned with data governance policies. Connecting suppliers, customers, shippers, and employees is more important than ever to allow all parties to work collaboratively and improve decisions. Now is the time to make hard decisions around replacing legacy technologies, expanding cloud infrastructure, and assessing new technologies.

  1. Adopt a zero-trust framework

Accelerated digital transformation has also paved the way for an accelerated transformation to a zero-trust framework. In a recent Deloitte poll, over one-third of security professionals said that the pandemic has sped up their organizations’ zero trust adoption efforts[2]. Prior to the pandemic, interest in zero-trust architectures was primarily being driven by a recognition that the traditional perimeter-centric security model is not compatible with the way businesses are working today. Now, zero-trust has come to the forefront due to the massive volume of remote workers, putting stress on the infrastructure, particularly VPNs.

  1. Increase operational efficiencies

Digital initiatives provide prime ways to improve operational efficiencies. Chief among these is automation, which is fast becoming a hallmark of the smartest and most visionary organizations’ approach to cybersecurity. Companies that can automate routine tasks can free up time for other work that adds more value.

  1. Build effective governance

The most resilient organizations have frameworks for consistent prioritization and mitigation of risk so security teams can stay focused on what matters most. They model and validate compliance requirements across hybrid networks, including those in a business’ supply chain, where data subject to compliance requirements are stored and processed in multiple environments. If improperly managed, the interchange of data between these networks can create an additional opportunity for a compliance failure.

Read about how digitization is reshaping the role and priorities of the CISO in the report, “Accelerated digital transformation in the post-pandemic era: a catalyst for security transformation” Download your copy now.

[1] Cybersecurity Ventures: 2019/2020 Official Annual Cybersecurity Jobs Report, 2019

[2] Zero Trust cybersecurity: Never trust, always verify, July 2020