This is the final installment in our three-part series on securing the C-suite. Be sure to read Part 1 and Part 2 for more information.

Chief executive officers (CEOs) are under intense pressure from all sides. From an economic perspective, areas that were once the domain of a few favored organizations are now ripe for disruption by newcomers. Indeed, according to IBM’s “Redefining Competition: Insights From the Global C-suite Study – The CEO Perspective,” CEOs believe technology is the chief external influence on their enterprises. More specifically, cybersecurity issues have crashed into the C-suite and the boardroom, and top leadership is under the spotlight when it comes to achieving an acceptable cyber posture.

Getting the CEO Involved in Security

A 2016 report from the IBM Institute for Business Value, “Securing the C-Suite: Cybersecurity Perspectives from the Boardroom and C-Suite,” provided valuable insights for CEOs about the dynamics within the C-suite and their impact on cybersecurity.

Chief among the findings of the report is the disconnect between the technological leaders (CIO, CISO and/or CRO) and the rest of the C-suite. CMOs, CFOs, CHROs and even CEOs are reported to be the least engaged when it comes to cybersecurity threat management activities. These executives often feel as though cybersecurity preparations didn’t include them in a functional approach, according to the report. CEOs were the most skeptical of all CXOs when asked whether the cybersecurity strategy of their enterprise was “well-established.”

While it could be tempting for the CEO to ignore these warning signs and relegate them to the concerned parties to fix (i.e., the CIO/CISO/CRO on one side and the rest of the C-suite on the other), doing so would signal to the rest of the C-suite that cybersecurity isn’t much of a concern. As to the wisdom of such a stance, the number of CEOs who have lost their jobs — or quit voluntarily — after a major data breach speaks for itself.

CEOs cannot afford to be complacent about security, and that means everyone in the C-suite has a role to play. If there’s a disconnect, the CEO must send a clear signal that all parties are to work out their differences — or in some cases their indifference — to own up to their responsibilities and help lead the organization toward a healthier cybersecurity posture.

Collaborating for Success

In its “Exploring the Inner Circle: Insights From the Global C-Suite Study” report, IBM found that “the ability to collaborate is the most important factor” and that “how the members of the C-suite collaborate is as significant as the extent to which they collaborate.”

An accompanying report shed light on three specific sets of collaborations within the C-suite that resulted in top-performing organizations: the CEO-CIO-CMO relationship, the CEO-CFO-CMO relationship and the CEO-CFO-CHRO relationship.

Beyond those relationship triangles, the selection of the CISO and placement of this role within the organization is also going to have a significant impact on the nature of the conversations around cybersecurity.

How should CEOs proceed to tackle cybersecurity? The “Securing the C-Suite” report provided key recommendations, including striving to “make cybersecurity an intrinsic part of business processes and decisions.” Building security into the organization and then having the CEO remain involved is critical to a business’s long-term success.
