By Shankar Bhaskaran, Managing Director – India, MetricStream
The CISO’s role has been evolving steadily over the past few years, and it made a further jump during the pandemic as businesses faced greater cyber risks, new regulations and accelerating digital transformation. During this period CISOs found themselves playing a strategic role rather than only performing operational duties, and their opinions became a crucial part of business decisions.
Today the CISO’s role has become one of the most significant in the organization. CISOs have become key enablers of business performance by protecting business assets and data privacy. A 2021 survey of global CISOs found that 45% of CISOs now hold responsibility across the three key areas of security, risk, and trust.
Here’s a look at how Next-Gen CISOs are influencing business decisions.
Business Strategy: CISOs now play a strategic role in organizations. Their remit has expanded from managing IT security to understanding the business strategy, owning end-to-end cyber risk management, and aligning it with organizational goals to build cyber resilience. Mapping organizational strategy, technology, infrastructure and compliance requirements, and embedding cyber security into culture, process and technology, are all part of the CISO’s responsibilities. The CISO also leads security change by maintaining a line of sight into technology trends and disruptions, and by aligning information security investments and cyber risk mitigation steps with business priorities.
Building integrated data protection frameworks: CISOs today are using AI-enabled Connected-GRC platforms to build robust, integrated information and data protection programs for their organizations. This includes establishing a cyber risk management framework that provides sustained protection assurance for the organization’s intangible assets and strategic advantages. CISOs are also involved in conducting cyber audits and in training both security staff and the wider workforce in security protocols and safe practices.
Providing visibility on third- and fourth-party risks: As companies continue to outsource, more vendors are added to their business processes. These range from cloud service providers and technology partners to sub-contractors and consultants. Not every one of these vendors has the controls and capabilities needed to adequately defend against cyber threats. With third-party IT vendors, and the fourth parties those vendors themselves rely on, now part of the extended ecosystem, CISOs today are providing visibility on vendor risk. Identifying and ranking vendor relationships, performing due diligence, conducting regular security evaluations, monitoring vendor compliance with cyber security standards and tracking updates are among the key priorities for Next-Gen CISOs.
Business Governance, Risk, and Compliance: CISOs today can no longer operate in silos. In the era of Connected-GRC, a CISO’s role includes enabling continuous compliance with regulations and standards across all digital assets and processes. For example, aligning business transformation with net-zero carbon emissions is a complex process. To make this work, companies need an ESG framework that is integrated into their business strategies and processes, and a data-driven approach to setting targets for reducing carbon emissions and improving energy efficiency. CISOs are assisting Boards by working on metrics that tie business goals to ESG goals. Cyber governance, including overseeing the smooth running of cyber resilience initiatives and regular reporting to corporate leadership, also falls under the purview of the CISO.
C-suite Communication and MIS: The CISO holds the unique responsibility of communicating cyber risks in a way that the board and the rest of the C-suite can understand. Developing effective management information systems that demystify technical cyber security details and express risk in easy-to-comprehend heat maps is part of the CISO’s remit. In addition, the Next-Gen CISO is expected to quantify risk in monetary terms so that leadership can prioritize protection of the assets most at risk.
According to a global information security survey, 25% of CISOs are confident that they can quantify, in financial terms, the effectiveness of their spending in addressing risk.
As India forges ahead on its path of digital transformation, CISOs must build seamless cross-functional relationships that support innovation and transformation. Next-Gen CISOs are already carving out this role for themselves. They are seen engaging with their boards more regularly while playing an active role in the decision-making process. It is encouraging to see that Next-Gen CISOs are emerging as strategic thinkers and agents of change.