techUK sets out recommendations to help guide CISOs as organisations continue their digital transformation
The Role of the CISO in a Digitally Transformed Organisation highlights the complexities surrounding the role of the Chief Information Security Officer (the CISO). In this new report, we explore what the CISO should be focusing on in an era where every organisation is a technology organisation, as well as touching on the key attributes of a successful CISO – leadership, strategy, technical, and governance.
Our report makes seven recommendations to enable the CISO to ensure that cyber security is recognised as a business enabler, helping their organisation to deliver on its digitalisation journey. These recommendations are underpinned by examples and contributions from industry leaders, including Microsoft, IBM Security, BT Security and Corix Partners.
Recommendation 1: The CISO must help the Board to recognise cyber security as a business enabler, and a critical ingredient in helping the organisation to deliver on its digitalisation journey.
Recommendation 2: The CISO should look beyond the purely technical and focus on business risk management. The CISO must have, and embrace, wider business skills and knowledge to drive change across all business functions.
Recommendation 3: The CISO must be prepared for all types of crises: identify the principles that will guide you in decision-making – and test them.
Recommendation 4: The CISO should build a digital empathy system: use telemetry data from trends to understand how people are working in the system to improve experience and reduce risk.
Recommendation 5: Supercharge the human firewall: the CISO should sharpen security hygiene to encourage people to adopt digitally safe behaviours and be on their guard against cyber threats.
Recommendation 6: The CISO should build the case for investment in appropriate threat intelligence so that they are equipped to help their leadership teams understand the business problem in context and to support improved decision-making.
Recommendation 7: Diversity is a strength to be actively sought within the security team (and beyond). The CISO should help to hold their organisation to account on diversity and initiate conversations that provoke action to ensure a team that makes better decisions.
This report is the second in the wider techUK Cyber People Series, which set out to explore how people can be the strongest element of the UK’s cyber defences. The aim of these reports is not to be prescriptive, but to support organisations and stakeholders in making the right decisions, highlighting best practice across UK sectors, and sharing insight from industry leaders across a range of topics.
The first report, The CISO at the C-Suite, tackled the key question of how the Chief Information Security Officer role should engage at C-Suite and Board Level, leveraging influence to ensure cyber security is seen as an enabler of the rapid digital transformation that all organisations saw throughout 2020. Future reports in this important series will continue to examine the CISO function, including how to make informed buying decisions.
Dan Patefield, Head of Cyber and National Security at techUK said: “As cyber security underpins an increasing part of everything an organisation does, the role of the CISO function continues to evolve, enabling cyber resilient cultures to develop over time. It is critical for the CISO function to embrace wider skillsets beyond the technical, with an emphasis on commercial, communication and leadership. The key areas of focus outlined in this report, and the practical steps recommended, will guide organisations’ approach to this function as digital transformation continues apace. In doing so, we can ensure that cyber security is viewed as a true business enabler and create a strong foundation for that long-term cultural change to occur.”
Read the full The Role of the CISO in a Digitally Transformed Organisation report here.
Want to know more? Listen to our podcast where we explore the report's topics further with our three expert guests – Paul D'Cruz, Security Solutions Leader at Microsoft UK, Jean-Christophe Gaillard, Managing Director of Corix Partners and Martin Borrett, IBM Distinguished Engineer and Technical Director at IBM Security.
Jill Broom
Jill Broom
Jill leads the techUK Cyber Security programme, having originally joined techUK in October 2020 as a Programme Manager for the Cyber and Central Government programmes. She is responsible for managing techUK's work across the cyber security ecosystem, bringing industry together with key stakeholders across the public and private sectors. Jill also provides the industry secretariat for the Cyber Growth Partnership, the industry and government conduit for supporting the growth of the sector. A key focus of her work is to strengthen the public–private partnership across cyber to support further development of UK cyber security and resilience policy.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
- Email:
- [email protected]
- Website:
- www.techuk.org/
- LinkedIn:
- https://www.linkedin.com/in/jill-broom-19aa824
Annie Collings
Annie Collings
Annie is the Programme Manager for Cyber Resilience at techUK. She first joined as the Programme Manager for Cyber Security and Central Government in September 2023.
In her role, Annie supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector. Annie also coordinates events, engages with policy makers and represents techUK at a number of cyber security events.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
- Email:
- [email protected]
- Twitter:
- anniecollings24
- LinkedIn:
- https://www.linkedin.com/in/annie-collings-270150158/
Tracy Modha
Tracy Modha
Tracy supports the marketing of several areas at techUK, including Cyber Exchange, Central Government, Cyber Resilience, Defence, Education, Health and Social Care, Justice and Emergency Services, Local Public Services, Nations and Regions and National Security.
Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!
Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!
- Email:
- [email protected]
- Phone:
- 02073312000
- Website:
- www.techuk.org
- LinkedIn:
- https://www.linkedin.com/in/tracymodha83