Even before the advent of a global pandemic, executive teams faced a challenging and dynamic environment as they sought to protect their institutions from cyberattack, without degrading their ability to innovate and extract value from technology investments. CISOs and their partners in business and IT functions have had to think through how to protect increasingly valuable digital assets, how to assess threats related to an increasingly fraught geopolitical environment, how to meet increasingly stringent customer and regulatory expectations and how to navigate disruptions to existing cybersecurity models as companies adopt agile development and cloud computing.
We believe there are five areas for CIOs, CISOs, CROs and other business leaders to address in particular:
- Get a strategy in place that will activate the organization. Even more than in the past, cybersecurity is a business issue – and cybersecurity effectiveness means action not only from the CISO organization, but also from application development, infrastructure, product development, customer care, finance, human resources, procurement and risk. A successful cybersecurity strategy supports the business, highlights the actions required from across the enterprise – and, perhaps most importantly, captures the imagination of the executive in how it can manage risk and also enable business innovation.
- Create granular, analytic risk management capabilities. There will always be more vulnerabilities to address and more protections you can consider than you will have capacity to implement. Even companies with large and increasing cybersecurity budgets face constraints in how much change the organization can absorb. Therefore, better cybersecurity requires the ability to make rigorous, fact-based decisions about a company’s most critical risks – and which cybersecurity investments it should make.
- Build cybersecurity into business products and processes. For digital businesses – and almost every company we know of aspires to be a digital business – cybersecurity is an important driver of product value proposition, customer experience and supply chain configuration. Digital businesses need, for example, to design security into IoT products, build secure and convenient customer interaction processes and create digital value chains that protect customer data.
- Enable digital technology delivery. Digital businesses cannot let slow technology delivery get in the way of business innovation, so they are scrambling to adopt agile development, DevOps and cloud computing. However, most companies have built their security architectures and processes to support waterfall development and on-premises infrastructure – creating a disconnect that can both increase risk and decelerate innovation. Forward-leaning CISOs are moving to agile security organizations that enable much more innovative technology organizations.
- Help the business address impacts of a global pandemic. COVID-19 created three imperatives for cybersecurity teams: supporting continued business operations by enabling remote working, mitigating immediate risks – and helping their business partners transition to the next normal.