28 Oct 2018

How to score a Cyber Security win with your Board.

 

Many boards have a significant knowledge gap on cyber risk and security. Chief Information Security Officers (CISOs) can bridge that gap by advising board members on this important topic in business terms they readily understand.  I did an informal survey with  Board Chairs, board members, Ceos, Cfos and a few board advisors on LinkedIN. This survey helped me to four steps I believe you may   help boards and business leaders determine the business risk of cyber threats, prioritize security investments, and measure improvement in security performance. Doing this gives you more influence in the boardroom so you can help ensure your organization protect critical assets, privacy, and reputation while safely driving critical business strategies.

Digital transformation uses technology to build new business models, processes, software, and systems that create a competitive advantage by helping to increase efficiency, revenue, and margins.  Think about Uber, Airbnb, and Square, and how they have revolutionised transportation, accommodations, and purchase transactions, respectively. Yet, while a majority of business leaders agree that cybersecurity is important to digital transformation, most lack a formal strategy to put it in place.

According to the survey

  • 80 percent consider digital transformation a strategic priority and formally plan for it.
  • Only 50 percent of organizations plan for cybersecurity before initiating digital transformation.

Without upfront security plans, many organizations remain vulnerable, not only to breaches, but to losing their competitive edge if they can’t innovate quickly.

  • 71 percent of executives said concerns over cybersecurity are impeding innovation in their organizations.
  • 39 percent stated they had halted mission-critical initiatives due to cybersecurity issues.

How security professionals can help close the gap Chief Information Security Officers (CISOs)

If you are a CISO or IT leader looking to take a stronger leadership role, here are four actions you may take to boost your effectiveness when you meet with your board and senior executives. In addition to sharing current trends in cyberwarfare and current threats, you can provide more strategic advice. To do so, it’s best to focus on the following four areas:

  • Understand the board’s appetite for risk and get involved in the enterprise risk management (ERM) function.
  • Build a risk profile aligned to enterprise risks.
  • Measure risk and set effectiveness metrics.
  • Demonstrate effective resilience and continuous improvement.

Boards already have experience in risk analysis through asking questions that guide executive leadership. Cyber risk isn’t inherently different from other enterprise risk. CISOs can help boards build a cyber risk profile that helps their organizations focus on protecting the enterprise’s most critical assets. As a CISO, you can have a business-focused, forward-looking conversation with your board and business leaders, one that demonstrates how essential an effective cybersecurity strategy is for digital transformation. You can provide:

  • Recommendations on how to best protect the organization’s most critical assets in alignment with the enterprise’s cyber risk profile.
  • Meaningful metrics to help leaders understand the progress the security organization is making.
  • A plan to rapidly respond to cyber attacks.

Why Vertis Technology?

Our services and solutions are delivered by highly trained, experienced security professionals who are focused on your business and understand your challenges and objectives. Vertis Technology Security Advisory Services can help you understand the risk profile of your organization, and whether it aligns to your risk tolerance. We assess risks internal to your operations, as well as those from third parties, and help you learn how to manage rigorous compliance requirements. With this knowledge, you can make more effective risk decisions about how you connect, communicate, and collaborate

leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.