April 12, 2016 By Christophe Veltsos 3 min read

This is the second post in a three-part series. Be sure to read Part 1 for the full story.

An Overview

A 2013 IBM report titled “Exploring the Inner Circle: Insights From the Global C-Suite Study” found that the top-performing organizations all had one quality that set them apart from their peers: collaboration. Top leadership’s view is that “the ability to collaborate is the most important factor” and that “how the members of the C-suite collaborate is as significant as the extent to which they collaborate.”

So how closely are CXOs collaborating? “The Customer-Activated Enterprise” study in 2013 asked each CXO which two colleagues they worked most closely with. While the CIO’s connection to the CFO is strong, the CIO-CMO and CIO-CHRO connections are evidently thin.


Source: IBM Institute for Business Value

Fast-forward to 2016: Three years after that global study, the level of collaboration within the C-suite does not appear to have changed much. In light of the rising importance of cybersecurity engagement within the C-suite, this is a worrisome finding.

The 2016 “Securing the C-Suite” report found that “the CFO, CHRO and CMO feel the least engaged in cybersecurity threat management activities, yet are the stewards of data most coveted by cybercriminals.”

The bleak findings continued, with almost three-fourths of CHROs, CMOs and CFOs indicating “they do not believe the cybersecurity plans include them in a cross-functional approach.” When CXOs were asked about their level of engagement in cybersecurity preparations, CFOs reported the lowest level of engagement at 38 percent, followed by CHROs at 41 percent and CMOs at 43 percent.

Chief Human Resource Officer (CHRO)

While organizations are increasing their adoption of information technology, the human side of the equation should remain a constant focus in the organization’s overall cyber risk management. The CHRO installment of the study recommended that the CHRO work closely with the CIO “to design a clear device management policy.”

Chief Marketing Officer (CMO)

The CMO installment found that “where the CMO and CIO work well together, the enterprise is 76 percent more likely to outperform in terms of revenues and profitability.”

The report also recommended that the CMO “work with the CIO to build a secure and scalable cognitive analytics capability within your organization.”

Chief Financial Officer (CFO)

A 2016 Harvey Nash cybersecurity survey found that 49 percent of cybersecurity professionals surveyed reported that CFOs had “major knowledge gaps” when it comes to cybersecurity. An article by Craig Calle put the CFO’s requirements thusly: “CFOs need to step up and recognize their fiduciary duty to treat data as one of their company’s most important assets and sponsor initiatives to protect and monetize them.”

Without close collaboration from the CIO and the CISO, this task would be nearly impossible. Cybersecurity requires a symbiotic relationship between the CFO and security leaders.

Recommendations for the C-Suite

CHROs

CHROs must engage with the CIO/CISO — not just to tackle the issues around employee-owned technology such as BYOD, but also to address the need for effective, constant security awareness and anti-social engineering efforts. Technology alone cannot solve the security issue; it requires a human touch.

The 2016 “Securing the C-Suite” report commented that “as the stewards of sensitive employee personal information, which is highly coveted by hackers, CHROs should be at the forefront of their organizations’ cybersecurity efforts.”

Recommendations targeted at the HR function include protecting employees’ personal information, enforcing cybersecurity training and establishing clear job roles for all hires.

CMOs

CMOs, as consumers of increasing quantities of information including big data and the dreamy business promises of data analytics, should keep the CIO/CISO in the loop. They are allies not just from a technological enablement perspective, but also for support.

While it may be tempting to retain old customer behavior data, the concept of toxic data is something to seriously discuss with your CISO/CIO. Bruce Schneier cautioned against the thought that “because the cost of saving all this data is so cheap, there’s no reason not to save as much as possible, and save it all forever.” He warned that “what all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous.”

CFOs

The CFO should work collaboratively with the CIO/CISO to “incorporate the security assessment into the enterprise risk plan as appropriate” and to “establish a security governance model and program to encourage enterprisewide collaboration.”

Be sure to check back next week for the final installment of this three-part series, “Securing the C-Suite, Part 3: All Eyes on the CEO.”
