Blog · 24 Feb 2021

Why the CISO is central to digital business success

Organisations need the CISO to take a lead, driving cybersecurity performance as a competitive advantage and helping the enterprise make the most of every digital opportunity.

The last twelve months have seen an explosion of opportunities for businesses, with many achieving remarkable transitions on to IT centric platforms and processes.

I’d say the adoption of, and reliance on, these platforms and processes has been greater during recent times than in any other period in the last thirty years. Digital transformation, cloud compute and software as a service have been the landmark points for organisational evolution, underpinning more general changes. These include the migration of collaboration and everyday business tools to services like O365 or G-Suite, as well as a focus on greater digital interaction with partners and customers.

I’m very conscious of the step increase in our reliance on technology. And this will only grow; look at the ongoing related trends of greater use of internet for transport, high bandwidth mobile, such as 5G, and the explosion of internet-connected devices in everyday life. It’s vital that we recognise and tackle the corresponding magnitude and breadth of threat and risk from digital crime.

In the same way that individuals and organisations are exploiting the opportunities of this transformation, criminals will be looking to make the most of it, too. Now, more than ever, the role of the CISO and their team is critical, which is why our latest whitepaper explores consumer, business leader and employee attitudes to cybersecurity – and what they mean for your enterprise.

The CISO’s role has changed dramatically

Over the last decade, the role of the CISO has switched from being an organisational control function (often sitting outside many business processes), to a critical enterprise enabler. Now, the CISO’s expertise and advice are crucial to extracting the full business advantages available from digital transformation, at the same time as understanding and compensating for the ever-changing cyber threats and risks. 

The CISO of 2010 was mainly asked to write and assure policy. The modern CISO needs to do that – and much more. Today, they need to integrate far more closely with their business and manage a much wider scope of responsibilities. While still being accountable for the organisation’s security polices and standards, the CISO now needs to make sure that these work effectively for their business. They must make it easy for the organisation’s stakeholders to do the ‘right thing’ and be able to communicate risks and threats clearly to different audiences in ways they understand. Now, the CISO is often accountable for protecting far more than just the company’s digital assets. In fact, today’s CISO is accountable for managing one of the most critical risks on the board’s agenda. From helping the organisation respond to significant incidents, to protecting the company’s brand and engaging with stakeholders to turn on the ‘human firewall’, the CISO role has expanded hugely.

With threats and risks constantly evolving, the CISO needs to maintain a wide network of contacts and sources and must be able to translate information into actionable intelligence. The solid understanding of the risk landscape this brings means organisations can shift their focus rapidly and flexibly, and adjust controls accordingly.

The CISO is critical to ‘security by design’

Traditionally, security was treated as a bolt on or a post-project addition to IT programmes. Our growing reliance on digital services has made this strategy less and less effective. Businesses have discovered that a bolt-on approach affects the usability of digital services, creating unnecessary friction that can damage confidence in new technology. Bringing the CISO team in at the beginning of a programme - to include threat awareness and controls - makes it easier to balance risk mitigation with user friction, and removes retrospective hardening costs.

I’m pleased to say that, in the last few years, we’ve seen far greater awareness of embedded security amongst businesses, with concepts like ‘security by design’ and ‘privacy by design’ becoming key objectives.

It’s time to recognise the opportunities created by the transformational digital journey that many enterprises have been on over the last year. It’s a chance to reassess the importance and benefits of aligning security even more closely to their organisational strategy. And the CISO is ideally placed to elevate and translate the awareness of threat and risk as the company develops and transforms business processes and technology.

Time for CISOs to step into the spotlight

The CISO and their team are a crucial asset to organisations, but our recent research revealed that they’re still not very visible in many businesses. If yours is one of those enterprises, you have a golden opportunity right now to elevate the CISO role into the leadership position your organisation needs. And if your operation already relies heavily on your CISO team, then now is a fantastic opportunity to make them even more prominent so they can raise security awareness and make sure security is embedded in every programme.

Start assessing your current position by asking yourself these questions:

  • how could you use advisory services to help prioritise and build a compelling vision for the future?
  • what else could you achieve with the time and space to focus on wider business issues if you outsourced your day-to-day security operations to managed services?

To find out more about the challenges and opportunities facing today’s CISO, download our latest whitepaper, ‘CISOs under the spotlight’. And if you’d like to talk through how we can help you embed security into your organisation, please get in touch with your account manager.