The shifting digital security landscape and the evolution of the CISO
Dimension Data has a thorough understanding of today’s global IT risk management issues and digital security best practices. Throughout our years of providing effective enterprise security solutions in partnership with innovative leaders such as Intel Security, we’ve seen a shift in the dynamics of the digital security job become more and more apparent: the role of the CISO is changing, bringing both challenges and opportunities for the people filling these roles. The changing landscape is driving the evolution of the CISO’s responsibilities across the business.
Where it was once relegated to the confines of the IT department, the role of Information Security Officer is experiencing a rebirth and claiming its rightful place in the boardroom. The ever-more intricate interweaving of business and technology is already well underway, with no signs of slowing down in the foreseeable future. This creates a more complex and challenging backdrop against which CISOs must operate. It also raises the stakes when it comes to the organisation’s risk profile, enough for CEOs and other key decision makers to sit up and take notice.
It is essential for Information Security professionals to demonstrate their knowledge, understanding and expertise within the digital business, so that they can offer strategic input into discussions among high-level executives. According to the recent Forrester Research report entitled “Evolve to become the CISO of 2018 or Face Extinction”:
“Too few CISOs are able to demonstrate business acumen. Business leaders want to engage with fellow professionals who can effectively communicate about information and cyber risks and how they may impact the business.”
The New Information Security Dream-Team: CEO & CISO working together
The Forrester Research report reveals that currently, 55% of CISOs (or equivalent high-level security decision makers) report directly to the IT department, with only 23% reporting directly to the CEO and just 8% reporting to the board of directors. This trend is set to reverse itself in the coming years, as CEOs continue to recognise just what the consequences of lax security could be for a digital business. They understand that innovations like IoT are shifting the goal posts when it comes to customers’ expectations of security, and that new digital business models make more attractive targets than ever for enterprising cybercriminals. As the threats continue to evolve, business leaders are finding it increasingly difficult to ignore the risks, and they’re looking for the perfect CISO to help them through.
Security and risk professionals must choose between becoming a more business-focused CISO, or remaining focused on the IT agenda. Choose the IT agenda and you may fall behind; it’s likely that your future job roles will be architect, advisor, or consultant, but unlikely to be CISO. Choose the business agenda and you will form an integral part of the business discussions and play an active role in evolving the business to embrace digital transformation. It’s a decision you might have to make soon.