techUK launches The CISO at the C-Suite report

CISO at the C-Suite

Click here to view

techUK’s newly launched The CISO at the C-Suite report tackles the key question of how the Chief Information Security Officer role should engage at C-Suite and Board Level, leveraging influence to ensure cyber security is seen as an enabler of the rapid digital transformation that all organisations have seen throughout 2020.

As cyber security increasingly underpins and enables business growth across all sectors, and enables the Fourth Industrial Revolution to gather pace, the CISO function must seek to educate, garner and leverage support from the C-Suite and Board levels to drive change across their organisations.

Our report makes five recommendations to enable the CISO to add differentiated value and to create a strong foundation of cyber security knowledge across the business:

1. The CISO must have visibility of the wider business and be empowered to drive change where it is needed. Cyber security is a strategic level priority in all organisations and cannot simply be ‘managed’.
2. Transformative efforts must be placed in the right perspective: the CISO must agree the right timeframes for change, looking at longer-term transformation where necessary, beyond immediate tactical firefighting and quick wins.
3. Clear reporting lines and responsibilities must be implemented from the outset. The C-Suite should set objectives indicative of the broader digital transformation that the organisation wants to see.
4. The CISO function – irrespective of its reporting line – must have a clear, independent budget approved by the Board and commensurate to the transformation objectives set by the Board.
5. The CISO must be able to communicate in Board-level terms, framing cyber security as a business enabler and identifying actions/initiatives in terms of business value rather than risk. This must extend to regulatory requirements and how they translate into planned initiatives. A consistent communication approach, with easily understood messaging and content, is important to build understanding and support.

Driving good cyber security practices into the wider organisation is a cultural change, and one that can be difficult to make across corporate silos. techUK’s report highlights the need for the CISO to foster collaborative relationships with the C-Suite and Board levels in order to support that change across the business. Cyber security is increasingly an enabler of all functions across all organisations because it allows growth by protecting the business: it is not simply a risk to be managed. The CISO must sit at the heart of an organisation, and the success of any individual in the role relies on them being suitably positioned, supported, and enabled.

However, enabling the CISO role is only the start of the journey. Our report argues that we still focus only on technical expertise and experience as being necessary traits for a CISO and, while this is important, it’s not the requirement and capability which will engage, lead and drive change across a business through the digital age.

This report is the first in the wider techUK Cyber People Series, which will be exploring how people can be the strongest element of the UK’s cyber defences. The aim of these reports is not to be prescriptive but to support organisations and stakeholders in making the right decisions, highlighting best practice across UK sectors, and sharing insight from industry leaders across a range of topics. This first document intentionally starts at the top of the tree in terms of cyber defenders – the role of the CISO, and the CISO function, in the largest organisations.

Future reports in this important series will examine the CISO function more broadly, including implications for medium and small businesses. The next one will explore what the role of the 2021 CISO function should look like, and how they can leverage the support detailed in The CISO at the C-Suite to accelerate transformation.

You can find the full report here.

Listen to The CISO at the C-Suite episode on the techUK podcast with report contributors Jean-Christophe Gaillard and Jason Tooley.

Dan Patefield

Programme Head, Cyber and National Security, techUK

×

Dan Patefield

Programme Head, Cyber and National Security, techUK

Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.

Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.

Email:

[email protected]

Phone:

020 7331 2165

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

×

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

Jill is techUK’s Programme Manager for Cyber Security and Central Government, supporting the work of both programme teams and promoting better engagement between the public and tech sectors.

Prior to joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.

With an MA(Hons) in American Studies from the University of Edinburgh, Jill continues to be fascinated by the history and politics of the USA. Otherwise, outside of work, she can be found up a hill, swimming in a loch or curled up with a good book.

Email:

[email protected]

Twitter:

@honeybroom,@honeybroom

Website:

www.techuk.org,www.techuk.org

LinkedIn:

https://www.linkedin.com/in/jill-broom-19aa824/,https://www.linkedin.com/in/jill-broom-19aa824/

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK

×

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK

Sam is the Programme Manager for Defence and Cyber Security at techUK. 

Prior to joining techUK, Sam worked as an Account Executive for a small lobbying agency in Westminster where he briefed politicians in Westminster and Local Authorities on housing and energy issues and wrote policy briefs.

Sam holds a BA (Hons) Degree from the Department of War Studies at King’s College London where he focused on the implications of Cyber War and an MPhil in International Relations & Politics from the University of Cambridge.

Email:

[email protected]

Phone:

020 7331 2169