Coming from the year of some of the worst data breaches to hit governments and businesses around the world, it’s no surprise that we’re seeing the rising importance of the Chief Information Security Officer (CISO) in organizations today.
2017: Year of the Data Thieves
From Equifax, to Yahoo, to WannaCry, no one wants to relive the nightmare of hundreds of millions of stolen personal records and data. For this reason, regulatory bodies turned up the heat on cyber security policies and safety measures in 2017. We saw 42 US states issue at least 240 bills and resolutions addressing cybersecurity and risk mitigation. Among these new regulations was the New York Department of Financial Services’ requirement for every financial service company under its jurisdiction to appoint a CISO.
Why a CISO?
Often overlooked, the CISO role traditionally sat under the CIO, with little say in the overall business strategy of the company. This, of course, proved to be a costly mistake for many organizations that lost revenue, credibility, and the trust of their customers in some of last year’s cyber attacks. The lesson learned, as PwC put it, is that “Cyber risk is more than an information technology issue; it’s a business issue.” With newfound recognition, today we see more and more of those in the CISO role reporting directly to the CEO, or in some cases sitting on their company’s board.
Skills for Success
As the role and responsibilities of the CISO have grown and evolved in importance and relevance, so have the requirements for anyone in the position. Now playing a larger part in leading the company, CISOs should not only have the necessary technical expertise, but must also have the managerial and operational sense to plan, convey, and execute business decisions. With cyber security an organization-wide concern, a CISO will be coordinating and partnering with employees and executives in the different departments of the company (all of whom possess varying levels of IT knowledge). Therefore, a CISO must have excellent leadership and communication abilities, as well as experience in conflict and resolution management. If a CISO emerges from the IT cave without these soft skills, their vision may be lost on those who have no appreciation for technical jargon and the most advanced software solutions. At the end of the day, an effective CISO must know how to connect cyber security to the overall corporate strategy while emphasizing its value to and overall impact on the rest of the organization.
Protecting Data and Revenue Streams
With today’s data-driven technological advancements, the collection and use of vast amounts of customer information will only continue to grow. While consumers expect better products and services that will more accurately meet their specific needs, they also expect that companies will exercise due diligence when it comes to protecting and safeguarding their data. Otherwise, a single data breach will most likely mean a mass exodus of once-loyal customers. Building and maintaining a high level of trust and customer confidence is what brings in revenue for companies, and is precisely why the role of the CISO is so important.
While 2017 saw high-profile data breaches left and right, there’s no guarantee that hackers and data thieves won’t try to outdo themselves in 2018. Make sure that your company is well-equipped with a CISO who is ready to take on all the cyber threats that can and will come your way.