CISOs Are In Boardrooms, But Cybersecurity Isn’t

Cybersecurity isn’t a buzzword anymore; everyone is aware of that. Unless enterprises get on board and address it on a continuous basis, data security will remain a distant dream and hackers will continue to rule the roost. Better connectivity also brings higher volumes of data and larger risks surrounding its storage.

Though the cyber threat is something that most CXOs understand, what appears to be missing is the clarity of thought that no enterprise can hope to find a one-time fix against cybercrime. With each innovation brought about to counter the threat from hackers, there seems to be just the right counter that helps criminals get their hands on one’s data.

CXOToday had spoken to Maninder Bhardwaj, Partner, Risk Advisory at Deloitte, who said that whatever holds value to another person brings with it the threat of being stolen. This has been so from time immemorial and would continue to be so forever. In fact, next-gen CXOs need to sign off on cybersecurity before they even begin to address other operations-led issues.

But that isn’t the case right now, though cybersecurity has shown that it doesn’t differentiate between large, medium or small enterprises. A report published on IndustryWeek.com quotes Gartner as suggesting that only 30 per cent of organizations are taking effective and regular steps to combat digital risk.

Not Top Priority?

It looks like cybersecurity hasn’t yet made it to the top of the boardroom’s priority list. A recent study conducted by 451 Research for Kaspersky suggests that though CISOs have moved up the pecking order in the boardroom, they’re not really speaking a language that always makes sense to the rest of the board.

Of the three hundred cybersecurity executives who participated in the study, sixty percent said that business leaders seek the inputs of their CISOs every time an internal cybersecurity incident takes place. Fifty-seven percent of these respondents said that they arrange meetings with all the board members regularly, and fifty-six percent are asked for their expert advice on future IT projects.

Should this make us happy, assuming cybersecurity has finally taken a leap in the boardrooms? Unfortunately, no. The study revealed that while the profile and value of CISOs have shot up, they continue to face hurdles when it comes to rationalizing and advocating expenditure on IT security.

Forty-three percent of the respondents said that one of their top challenges is making a strong case for important information security expenses. It appears as though they are in direct competition with other business and IT initiatives, as security investments are often made part of the broader IT budget.

This begs the question: if enterprises are indeed getting the gist of why cybersecurity is so mission critical, why is there continued hesitation on cybersecurity spending?

Mind Their Language!

Security is often seen as falling under the umbrella of the IT department, which is not really associated with good communication skills. A report published on BetaNews.com quotes Veniamin Levtsov, VP of corporate business, Kaspersky, as suggesting that even though enterprises now understand the importance of cybersecurity, CISOs continue to face the challenge of translating that understanding into actual support.

According to Levtsov, this challenge arises essentially because CISOs use technical jargon instead of the business language that the other board members easily comprehend.

Hence, what CISOs need to do is transform their security language into the business language that everyone understands. They need to take off the hat of “security people” and start thinking as business enablers, just as their peers in the boardroom do.

If they really want to be heard in boardroom meetings, they need to move out of the IT rooms, collaborate with other departments such as sales, marketing, business development and customer experience, and formulate a holistic approach to safeguarding the business.