The growth of Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), social networking and cloud services has resulted in a constantly changing business threat landscape. Cyber security is rapidly moving up the C-suite agenda as a result, and has gained more recognition at the board level. Highly publicised breaches and more stringent regulation have also spotlighted cyber security in every organisation, from startups to multinationals.
The lasting effects of the global economic downturn have also forced many organisations to introduce significant efficiencies in their operations. This means businesses are now far more likely to adopt new technologies or approaches that reduce costs, irrespective of the risks they might introduce. And too often, businesses still lack a dedicated, board-level owner of cyber security and risk management who is engaged in the overall strategy of the business.
Organisations must move quickly to understand and manage fast-changing cyber and other social media threats, or risk being caught out. Equally, managing these new cyber opportunities and risks can bring benefits in innovation, productivity, competitiveness and customer engagement.
One answer to this is to implement a next-generation chief information security officer (CISO). Building on the traditional skills of information security officers, next-generation CISOs have a wide skillset that includes an understanding of cyber security and risk management, as well as an ability to communicate at C-suite level.
Traditional information security officer skills are no longer enough
The role of the traditional CISO has evolved over the past few years, and digital developments have affected this area as much as any other. Advances in cyber security, information security, risk management and other aspects of technology have put a vast new set of demands on the CISO.
Of course, the basics remain the same: information security (IS), information risk management (IRM), data protection and classification, and oversight of audits, governance and compliance, as well as technical, operational, legal and regulatory risks. But the basics are no longer enough. The business and threat landscape is changing rapidly, and organisations that don’t keep up are at serious financial, reputational, legal and regulatory risk. Ultimately, their boards will be held accountable.
This has resulted in the expansion of the CISO role to create a next-generation CISO that covers many additional elements, including cyber security, C-level strategy and business risk management.
Representing cyber security strategy at board level
Too many businesses are leaving themselves vulnerable to today’s cyber security threats by relying on an outdated structure that includes a traditional information security risk manager typically reporting to the chief information officer. With cyber threats growing daily, a dedicated owner of cyber security and information risk management at board level is now vital.
As businesses move towards an even more innovative online presence, the appointment of a next-generation CISO can ensure that any cyber security strategy contributes to financial stability and growth, and embeds security in all of the organisation’s plans.
So, if you don’t currently have someone on your board who’s dedicated to cyber security but also understands regulatory requirements and overall business strategy, perhaps it’s time you started looking for your next-generation CISO?