Author: Manishree Bhattacharya
Two years into the global pandemic, remote working and hybrid work strategies have become normalized — part of “business as usual” for many technology workforces. Other sectors, of course, have also implemented and enabled telecommuting, in both the short- and long-term. In this environment — amidst the rush to digitally transform, enable business continuity and resilience, and drive innovation — the cybersecurity function has become even more critical.
And cybersecurity professionals have their work cut out for them. In its Global Risks Report 2022, the World Economic Forum places cybersecurity failures among the most “critical short- and medium-term threats to the world,” noting that our “growing digital dependency will intensify cyberthreats.” With malware and ransomware attacks on the rise, threat actors more persistent, and threats having increasingly global implications, it’s difficult to imagine the long-term prospects of a hyper-connected digital world without a concerted focus on cybersecurity.
What’s more, executives outside of IT are realizing the need for a comprehensive approach to cybersecurity as well. According to a recent Gartner survey, nearly nine out of 10 boards of directors (BoDs) classify cybersecurity threats as a business risk, rather than solely a technology risk. Despite that, Gartner notes that “only 12% of BoDs have a dedicated board-level cybersecurity committee.”
By now, one would presume that cybersecurity would have firmly established itself as a business enabler in the minds of leaders and employees alike. The function must find it easy to navigate and manage issues, with frequent buy-in and few hurdles, right?
The reality is often different and more complicated, though. Despite rising awareness of the pervasiveness and ramifications of breaches, security leaders can find it challenging to manage digital transformation initiatives, hybrid IT, and shadow IT. Digital transformation is at full throttle in most organizations right now; however, cybersecurity is sometimes perceived as a brake to this momentum and still not an easy plug-in.
How can we bring about a shift in mindset, not only on paper, but also on the ground? How can cybersecurity become an easy plug-in in organizations? How can other business functions best use cybersecurity to their advantage?
Cybersecurity prioritization from the top down is key. And for security leaders, in particular, it’s also often important to put time into creating a positive security culture within their organizations.
Here are a few ways that the chief information security officer (CISO) can transition from being perceived as restrictive and prescriptive to — instead — enabling, encouraging, and experience-driven, benefitting cyber and the organization at large:
There is no denying that change, complexity, and uncertainty will continue to shape the future. Time and again, the ability to transform and stay resilient will be put to test. For organizations, the ability to transform (using technology or otherwise) will help them grow and stay relevant. What’s more, the ability to emerge successfully from a cyberattack or other crisis will help foster stakeholder trust and sustain business growth.
In the next frontiers of digital-led growth, the CISO’s role as a business leader, innovator, and enabler — and cybersecurity’s role as a business engine — can no longer be discounted. As organizations take steps to prioritize cybersecurity and resilience across their operations, it’s time to ask: Are we investing right to drive greater business value?