What cybersecurity leaders need from their CEOs

COMMENT

It seems obvious: CEOs and their Chief Information Security Officers (CISOs) should be natural partners. As cyber threats continue to increase, most CEOs recognize the importance of having a strong security leader to protect the company’s data, not to mention its reputation.

Yet, according to a PwC report, only 30% of CISOs believe they receive sufficient support from their CEO.

As if defending their organizations from bad actors despite budget constraints and chronic cybersecurity talent shortages weren’t difficult enough, two cases from 2023, the fraud allegations against SolarWinds and its CISO and the conviction of the former CISO of Uber, have thrown security chiefs into the dangerous position of facing criminal charges and the wrath of regulatory authorities if they make a mistake.

No wonder Gartner predicts nearly half of cybersecurity leaders will change jobs by 2025 due to multiple work-related stressors. “Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal of the analyst firm.

It is not in the organization’s best interest to experience high turnover in the CISO role and it is absolutely beneficial to have stable, successful CISOs. Supportive partnerships between CEOs and cybersecurity leaders are crucial. Here are four things CEOs can do to help:

1. Ensure the CISO has a direct line to the CEO

Today, the vast majority of CISOs report to the CIO rather than the CEO, according to executive search and management consulting firm Heidrick & Struggles (PDF). Whatever the formal reporting relationship in a given organization – from the CISO to the CIO or directly to the CEO – the most important thing is that the head of security and the head of the business are in tune with IT strategy and execution.

A 2023 Forrester report said this direct line can have five benefits for CISOs, including strong management oversight and accountability for the cybersecurity program, funding for security initiatives, and increased awareness of enterprise-wide cybersecurity responsibilities.

With cybersecurity now so vital, and in light of the enormous pressures on CISOs, this is a good time for CEOs to examine how they communicate and collaborate with their CISOs.

2. Support the CISO

How does a supportive CEO work? They enable the CISO to lead and execute the cybersecurity mission, provide resources, and are empathetic about how difficult the job has become.

The importance of empathy should not be underestimated. Remember, in the wake of the SolarWinds and Uber cases, CISOs are now personally obligated to report relevant cybersecurity information accurately or face legal action. CEOs should deeply appreciate these hard truths and always endorse the CISO’s efforts toward full transparency.

When the CISO argues for resources, the CEO must be honest about the serious risks that come with saying no. This type of CEO aligns with the CISO in never settling for “secure enough,” and instead supports the security leader in pursuing opportunities for improvement.

3. Work with the CISO on a resilience strategy

While cybersecurity has been defined by prevention for the last 20 or 30 years, it has become clear that the discussion needs to be reframed around resilience. Data has grown and diversified at a dizzying pace, to the point where most organizations struggle to even identify all the data they have and what is critical and what is not. A Rubrik Zero Labs report found that, in 2022, data increased by more than 25% in a typical organization, with an astonishing 236% explosion of data from Software-as-a-Service (SaaS) applications.

This means that while organizations still need prevention strategies, they are also wise to recognize that attacks are inevitable and move towards a more achievable goal: protecting the most critical data (such as confidential customer information, key corporate financial data, and intellectual property), limiting the impact of attacks, working quickly to remediate them, and keeping the business running.

The key to building this resilient future is CEOs and CISOs staying on top of why it makes sense and collaborating closely to make it happen.

4. Agree on the impact of AI

The rise of generative artificial intelligence (GenAI) and its utility for both attackers and defenders has received a lot of attention. Artificial intelligence is allowing cybercriminals to generate more code to attack organizations and, in turn, is becoming a necessary tool to help security teams understand what is happening. CISOs need to be on top of both sides of this equation, but there’s also another dynamic at play that CEOs can help arbitrate.

For many company insiders, artificial intelligence is a shiny new thing that offers opportunities, for example, to offer customers new product features. But cybersecurity teams need to closely examine the use of GenAI in product development or customer support functions if they believe it is pushing the boundaries of security risk.

In any situation where this natural tension creates disputes that end up in front of the CEO, the CEO can support the CISO and the company’s cyber mission by carefully evaluating potential security risks rather than adopting a “move fast and break things” mentality that prioritizes speed over safety.

As these four tips show, CEOs have the power to help CISOs manage the enormous expectations placed on their shoulders. CEOs who wield these powers don’t just do the right thing for their CISOs, they bring great benefits to their companies.


