As the cyber landscape evolves, the role of the CISO (Chief Information Security Officer) is transforming. Managers at companies of varying size are more aware of the importance of cybersecurity than ever before, and, therefore, CISOs are increasingly present on the boards of directors. The new business context due to disruptive technological developments (such as the Internet of Things and the rise of the cloud), together with growing threat levels, requires security managers to face various changes, such as aligning with business objectives to respond to security needs. Although the profile of a CISO is still technical, its link to business objectives requires specific capabilities and a broaderbusiness vision.
New Responsibilities for a New CISO
With the increase in cyberattacks and the danger of sensitive data leaks looming over companies, the work of the new CISO takes on a role never before seen. According to a study by the Ponemon Institute, 67% of CISOs are responsible for establishing their company’s security strategies and initiatives. This figure indicates an increasing level of influence, confirming that the CISO goes from being a simple guardian of the IT area to a trusted adviser in the upper echelons of organizations.
In the above mentioned study, 60% of respondents said that their organization considers security as one of their priorities. The ability to prevent and respond to attacks is now of great importance for companies, which begin to value the tasks of the CISO to promote awareness and provide adequate training in cybersecurity among the staff, as well as investments in cybersecurity tools to detect possible threats.
The integration between business and technology taking place with the digital revolution is creating a more complex ecosystem for companies and their employees dedicated to security. The CISO must now act according to business demands and assuming the same objectives as other executives of the company. 69% of the respondents in the Ponemon study consider that the appointment of a security director with corporate responsibility is fundamental for the company. The CISO of the future must report its activities within the organization, assume budget and compliance challenges, and implement business tactics driven by business objectives.
And let’s not forget their responsibility toward ensuring the availability of IT services at all times, as well as their airtight grip on data. In this way, the new CISO must reduce the imminent risk of data leaks, protecting the privacy of users and consumers, and complying with new regulations, such as the GDPR.
From Technician to Leader
Most security officers have a technical profile related to studies in computer science. It makes sense, taking into account the need to understand programming and work closely with your team on a technical level. However, the CISO of the future must have business vision and be able to influence the direction the company takes, with leadership skills and interpersonal and strategic communication. The CISO of the future must also be able to draw up plans and models of operations that contribute to the brand, including not only the technical side of cybersecurity but also its essential human side.
The CISO has made its way into organizations after years of being considered an afterthought, and this recognition must be welcomed by security experts as an exciting challenge. This evolution, which now requires an amalgam of technical, legal, regulatory and communicative knowledge, demonstrates the shift towards a global ecosystem much more aware of the importance of cybersecurity. It’s time to reinvent yourself and accept that the traditional IT role no longer exists. Are you ready to be the CISO of the future?