The CISO needs to build close relationships with people in key areas such as risk and compliance and IT, so that when investments are being made in new systems or transformation programmes, security has a place at the table.
Here are some of the strategic steps for Irish CISOs to take to present themselves as a key ally in the battle to preserve and protect the organisation’s assets.
- The CISO should try to identify common goals with the key stakeholders for their specific initiatives, such as reducing complexity and time through a Security-by-Design approach to technology solutions.
- CISOs must also be involved in key decisions at a much earlier stage. Again, this will require building close relationships with people in key areas such as risk and compliance and IT. When investments are being made in new systems or transformation programmes, security must have a place at the table.
- CISOs must look beyond their organisations when building stakeholder relationships. Suppliers are critically important. Cyber risk arising from supply chain vulnerabilities must be addressed. A fourth or fifth party may be several times removed from the organisation, but it could still pose a cybersecurity risk.
- Customer interests must also be represented. CISOs can become advocates for customer privacy and data protection rights and thereby assist sales and marketing by enhancing the organisation’s brand reputation. CISOs and business stakeholders should align and clearly articulate all data use for risk-based decisions. This is particularly important for personal and sensitive personal data use and protection.
Five steps to long-term value
CISOs must demonstrate the ability of cybersecurity to add long-term value across the organisation. This begins with finance and with reducing the risk of the organisation suffering a devastating cyberattack or a fine for data or privacy breaches.
A CISO should be a builder and disruptor, bringing innovative solutions in a measured and proportionate manner.
Innovative approaches to security automation will be an essential tool in a CISO’s arsenal.
The five steps Irish CISOs can take to build better relationships with the board, business heads, HR and marketing functions are:
By taking these steps, CISOs can achieve a fundamental change in their standing within their organisations and ensure they are consulted earlier, receive adequate resources, and come to be viewed as adding value rather than increasing cost.
Summary
Cyber leaders in Ireland need to look beyond their organisations when building stakeholder relationships. To bring innovative solutions in a calibrated manner, they need to assess key business stakeholders’ satisfaction with the performance and delivery of security services.