The Chief Information Security Officer, better known as the CISO, is a relatively new C-suite position that oversees a company’s information security program. As billions were affected by cyber-attacks and data breaches in 2018, customers are beginning to expect the companies they do business with to protect their data.
The Role of the CISO
While many companies still associate the chief cybersecurity role with the Chief Information Officer (CIO), the role of the CIO is broader than the CISO role. CIOs typically shoulder the responsibility for the entire company’s infrastructure and information management. The CISO on the other hand, usually develops and manages key aspects of the organization’s data security strategy, including encryption standards, access protocols, compliance requirements, and incident response standards. Essentially, the difference between the CIO and the CISO is the CIO decides how to store data while the CISO decides how to secure the data.
Perhaps one of the toughest roles in the C-suite, the CISO must find a balance between focusing on the cybersecurity of the company and profits. For example, a development team may rush to get a product to market; focusing on short-term profits while ignoring the long-term dangers. The CISO, in this case, may consider this behavior reckless and must step in as a security leader to be the voice of reason questioning how the product would stand up against hackers once it’s in the hands of customers.
How the Role of the CISO Will Evolve
Just like cybersecurity, the CISO isn’t always the most popular topic, or person in this case, in the room. They are seen as someone who limits a company’s ability to develop and launch products quickly. However, as companies finally grasp the need for enhanced cybersecurity strategies with new product offerings, employers will begin to see the CISO’s role as one that is of benefit to everyone.
First, the role of the CISO will grow and gain respect. Essentially, more and more companies will begin to separate information security away from the CIO into an entirely new role that is the responsibility of the CISO. In a study done by PwC, 71 percent of consumers indicated they would stop doing business with a company that experiences a data breach, thereby making their personally identifiable information available without permission. Furthermore, 69 percent of consumers believe companies are vulnerable to cyber-attacks. In response to the concern of consumers, companies will realize an additional C-suite spot is not only needed for the CISO, but the importance of the position is warranted.
Next, in order for a CISO to thrive in their position, they need to be seen as an enabler rather than a disabler. While the position may be seen as one that slows down product development, noncompliance and even worse, a vulnerability in a product will most likely be more expensive than the profits made from rushing the product to market. Rather than being a barrier to product launches, CISOs will begin to be seen as key consultants in the mandated security elements of development.
Lastly, the CISO will have an instrumental role in the education of its employees. Yes, we are going there again! Employees represent the biggest risk to companies when it comes to cybersecurity. Whether that’s due to poor security practices such as easy-to-break passwords, or clicking on a malicious link exposing the company to a data breach or ransomware attack, employees remain the weakest link in the cybersecurity chain. As over two-thirds of cyber breaches were caused by employee negligence over the last year, organizational leaders will begin looking to the CISO to outline and ensure safe and smart technology practices.
As the cybersecurity landscape becomes more and more immense, the role of the CISO will continue to evolve. Profit-minded executives will begin to understand that their customers and profits can suffer if they don’t adequately prioritize security which, in turn, will create endless opportunities for the CISOs of the world to prove their worth.
Photo courtesy of Bohan and Bradstreet