, ,

The struggle to be heard: how CISOs can close the credibility gap with their boards

These are tough times to be running a business. Relief at exiting the pandemic was short-lived, followed by rampant inflation, sky-high interest rates, business uncertainty and geopolitical volatility. Against this backdrop, the last thing an organization needs is to have critical data stolen and systems crippled by cyber-attack. Or for a key supplier to suffer the same. June’s ransomware attack on an NHS provider showed the catastrophic knock-on effect such a breach can have.

That’s why CISOs up and down the country are trying to build a case for improving cyber resilience. However, their job isn’t easy. First, they have to convince a skeptical – and sometimes downright hostile – board.

Why resilience matters

Cyber-resilience is all about addressing people, process and technology gaps to ensure an organization can continue to operate effectively even if it’s hit by a sustained and sophisticated cyber-attack. It means improving cyber-hygiene through best practices like multifactor authentication (MFA), regular security awareness training, backups, encryption, anti-malware, prompt patching and more. This “prevention” approach must be enhanced with detection and response to catch any threats that may sneak through – and recover quickly before there’s been any significant impact on the organization.

Unfortunately, this is getting harder than ever as digital investments expand the typical corporate attack surface. Half of UK businesses recorded at least one cyber-attack or breach last year, rising to 70% of medium-sized and 74% of large companies, according to the government. Ransomware isn’t the only threat facing these organisations. But it has become the largest one, according to the National Cyber Security Centre (NCSC), which also warns that the threat is expected to increase as malicious actors get hold of AI tools

For some companies, it has become an existential risk. Boards facing the threat of IP or customer/employee data loss and/or service disruption should be well aware by now of the long-term financial and reputational impact on their business. Even relatively small-scale cyber-incidents can force some systems offline for investigation, and redirect resources away from important digital transformation projects.

Undermined and undervalued

Investing in cyber-resilience should therefore be an open-and-shut case for CISOs to make. Unfortunately, it is not quite so straightforward. For cyber strategy to function as intended in an organization, the IT or security lead needs to be heard and understood. The board must buy into their vision, implicitly understanding the business criticality of effective cyber-risk management.

Unfortunately, research reveals that boards are more likely to be disengaged and unenthused by cyber, viewing it as an IT risk and little more. In fact, most (80%) CISOs claim that their board would only be incentivised to act on cyber risk if there was an actual breach. Reactive investments such as these often lead to point solutions which fail to address fundamental challenges, papering over the cracks when something more holistic is needed.

That same research finds that 79% of cybersecurity leaders have felt boardroom pressure to downplay the severity of cyber risks facing their organization. Many claim this is because they are seen as being “nagging” and are viewed as overly negative. A third say they have been dismissed out of hand.

Bridging the gap

This is partly the fault of the board. Although regulators are increasingly demanding more personal accountability for cyber incidents at a board level – which will certainly focus minds – there is more to do. CISOs can sometimes also be part of the problem, by packing their presentations with irrelevant metrics and industry jargon. That’s not the way to win over a business audience that wants answers to far more fundamental questions: How secure are we? What will it take us to get there?

To bridge the yawning boardroom credibility gap, security leaders need to keep their communications simple, to the point and free from tech-speak. They need to align cyber with business risk, and cybersecurity outcomes to business objectives. And they need to work harder to build personal relationships with board members.

The journey starts here

How do they get there? Using the right metrics is a good start. By consolidating point solutions onto a single platform for managing cyber risk, they can generate a single source of truth for more consistent reporting. The best outcome would be a solution capable of calculating risk based on attack landscape, user exposure and security configuration, as well as overall impact on the business. This could be used to continually map risk across the corporate attack surface and take automated remedial actions to close any gaps that appear, like vulnerabilities and misconfigurations.

The results could be displayed in an easy-to-consume executive dashboard, which helps senior leaders grasp the real-world implications of nebulous concepts like cloud misconfiguration and account compromise. This approach lights a clear pathway to closer alignment between security and business objectives, which could ultimately help to enhance cyber resilience. It may be a long journey ahead for some companies, but the alternative is far worse.

We list the best online cybersecurity course.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

https://www.techradar.com/pro/the-struggle-to-be-heard-how-cisos-can-close-the-credibility-gap-with-their-boards


December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1011: The Year in Review – A Look at the Top Stories of 2024 This Week in Tech (Audio)

What's behind the tech industry's mass layoffs in 2024? : NPR Rabbit R1 AI Assistant: Price, Specs, Release Date | WIRED Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. Microsoft delays Recall after security concerns, and asks Windows Insiders for help The Qualcomm Snapdragon X Architecture Deep Dive: Getting To Know Oryon and Adreno X1 Elon Musk: First Human Receives Neuralink Brain Chip Apple hit with €1.8bn fine for breaking EU law over music streaming Bluesky emerges The hidden high cost of return-to-office mandates Apple's Car Was Doomed by Its Lofty Ambitions to Outdo Tesla SpaceX pulls off unprecedented feat, grabs descending rocket with mechanical arms U.S. versus Apple: A first reaction Google Says It Won't Force Gemini on Partners in Antitrust Remedy Proposal U.S. Accuses Chinese Hackers of Targeting Critical Infrastructure in America U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack AT&T says criminals stole phone records of 'nearly all' customers in new data breach National Public Data confirms breach exposing Social Security numbers Schools Want to Ban Phones. Parents Say No. New York passes legislation that would ban 'addictive' social media algorithms for kids GPT-4o (omni) + new "Her"-style AI assistant (it's nuts) Google emissions jump nearly 50% over five years as AI use surges Trump proposes strategic national crypto stockpile at Bitcoin Conference Ten additional US states join DOJ antitrust lawsuit looking to break up Live Nation and TicketmasterThe Internet Archive just lost its appeal over ebook lending Hezbollah Pagers Explode in Apparent Attack Across Lebanon OpenAI raises $6.6 billion in largest VC round ever Painting by A.I.-Powered Robot Sells for $1.1 Million Netflix's Live Mike Tyson Vs. Jake Paul Fight Battling Sound & Streaming Glitches In Lead-Up To Main Event Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Supreme Court agrees to hear challenge to TikTok ban So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Beeper's push for iMessage on Android is really over The Quiet Death of Ello's Big Dreams Japan finally ends mandatory form submission on floppy disks We'll Miss You: Pioneering instant messaging program ICQ is finally shutting down after nearly 30 years Spotify is going to break every Car Thing gadget it ever sold Game Informer to Shut Down After 33 Years In Memoriam Host: Leo Laporte Guests: Fr. Robert Ballecer, SJ, Richard Campbell, and Mikah Sargent Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsor: bitwarden.com/twit
  1. TWiT 1011: The Year in Review – A Look at the Top Stories of 2024
  2. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  3. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  4. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  5. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI