So with security challenges being greater than ever in today’s digital world, the burden to protect the intellectual property and the data that flows throughout the organization has extended beyond the sole responsibility of the CISO.  And this has really come up as a key topic with our customers: how do we explain the current state of security, and what to do about it, to the C-Suite?!

Together with the IBM Institute for Business value and Global Service’s security team, we recently published a paper (Managing Threats in the Digital Age) that shares our thoughts on how the entire C-suite has to take a role in protecting the organization – a sort of balanced approach – that gets everyone thinking about security, risk and compliance.

In summary, security issues require the attention of the entire C-suite of executives because of the dependencies that exist between the silos – especially when back things happen.  For example, as CHROs expand the workforce with temporary contractors,  they need to be concerned about access control to sensitive customer data or intellectual property; CFOs need to be concerned about meeting regulatory guidelines to avoid stiff penalties for non-compliance and and CMOs need to worry about brand image when external attacks occur to the network and news of the breach hits the media.

Also mentioned in the “Managing Threats…” white paper, we give our perspective on what we think the next major step in security controls, processes and technology will be. It looks at the connected system of people, infrastructure, applications and data and how we can use analytics to correlate events and insights across all these domains to make security a more manageable task.  It takes some things that IBM is very good at, like analytics, and uses that technology to more effectively find that ever illusive needle in the haystack.  Watch this space for more exciting news in the future about security analytics.

So, what are your thoughts?  Are C-level executives starting to share the security responsibility beyond just the CIO and CISO?

More from CISO

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

Moving at the Speed of Business — Challenging Our Assumptions About Cybersecurity

The traditional narrative for cybersecurity has been about limited visibility and operational constraints — not business opportunities. These conversations are grounded in various assumptions, such as limited budgets, scarce resources, skills being at a premium, the attack surface growing, and increased complexity. For years, conventional thinking has been that cybersecurity costs a lot, takes a long time, and is more of a cost center than an enabler of growth. In our upcoming paper, Prosper in the Cyber Economy, published by…

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022.While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your processes,…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…