Where should the CISO role sit in an organisation to be most effective? The techUK podcast
In December, techUK launched The CISO at the C-Suite report which tackles the key question of how the Chief Information Security Officer role should engage at C-Suite and Board Level, leveraging influence to ensure cyber security is seen as an enabler of the rapid digital transformation that all organisations have seen throughout 2020.
We made five key recommendations in the report to empower the CISO to add differentiated value and to create a strong foundation of cyber security knowledge across the business:
- The CISO must have visibility of the wider business and be empowered to drive change where it is needed. Cyber security is a strategic level priority in all organisations and cannot simply be ‘managed’.
- Transformative efforts must be placed in the right perspective: the CISO must agree the right timeframes for change, looking at longer-term transformation where necessary, beyond immediate tactical firefighting and quick wins.
- Clear reporting lines and responsibilities must be implemented from the outset. The C-Suite should set objectives indicative of the broader digital transformation that the organisation wants to see.
- The CISO function – irrespective of its reporting line – must have a clear, independent budget approved by the Board and commensurate to the transformation objectives set by the Board.
- The CISO must be able to communicate in Board-level terms, framing cyber security as a business enabler and identifying actions/initiatives in terms of business value rather than risk. This must extend to regulatory requirements and how they translate into planned initiatives. A consistent communication approach, with easily understood messaging and content, is important to build understanding and support.
In this episode of the techUK podcast, our Head of Cyber Dan Patefield is joined by the report’s key contributors - Jean-Christophe Gaillard, Managing Director of Corix Partners, and Jason Tooley from techUK’s Membership, Finance and Performance Board to discuss which of the five recommendations really gets to the crux of the issue.
JC and Jason also cover in more depth where the CISO function should sit in a business today; and what CISOs, and their wider organisations, should be doing to position cyber security as a critical business enabler.
This insightful, highly relevant conversation is must listen for 2021!
You can download the full The CISO at the C-Suite here.
Want to be involved in techUK’s Cyber Campaign Week 2021? Reach out to the team today.