Digital Transformation offers businesses many competitive advantages and investing in it means that organisations can stay on top of their game. Galina Antova, Co-founder and Chief Business Development Officer at Claroty, discusses the CISO’s role and how they can be a key part of implementing change when it comes to communicating cyber-risks and preparing for business transformation.
If last year taught us anything, it’s that adaptability and flexibility are essential qualities for any modern business looking to succeed. Many businesses were not prepared for the current pandemic, but those who had already embraced Digital Transformation with cybersecurity baked in were ready to go remote and were able to continue doing business with minimal interruptions. Those who were not prepared are now beginning to realise not only what Digital Transformation can offer, but also why they need to pay closer attention to and prioritise cybersecurity in order to reduce overall risk. Despite this, many of them do not know where to start.
With Digital Transformation and cybersecurity becoming pillars that successful companies will build their futures on, the time has come to include CISOs on company boards.
Communicating cyber-risks
The predominant focus areas of any board are always revenue and risk. As enterprises adapt to the current state of working and initiate Digital Transformation projects, many are finding that accurately identifying risk – and then actually being able to reduce it – is exceedingly complex. What’s more, we in the cybersecurity industry know that cyber-risk is not always top of the executive priority list, especially in my field of Operational Technology (OT). This means that board members need to be guided by expert advice on how to move forward with digital change initiatives securely – which is where CISOs come in.
Nowadays, more and more organisations are prioritising cybersecurity – for example, Cybersecurity Ventures predicted that 100% of large corporations globally will have a CISO or equivalent position by 2021 – however, there is still work to be done. CISOs can bring so much value to board-level discussions but in order for organisations to fully reap the rewards of Digital Transformation and also ensure their business is protected, CISOs need to be given the chance to elevate the conversation around cybersecurity issues with the other major stakeholders in the business – CIOs and CDOs in particular.
Once given that chance, it is the CISO’s responsibility to ensure they are communicating effectively, in a way that will resonate with other board members. One way to do this is for a CISO to change their narrative to the board in order to fully represent the technology agenda in a way that leadership will understand. It is also vital the information they share relates to the wider business goals. For example, competitors are always going to be a prime concern for board members, so if a CISO was to provide insight into the competitive advantages that technology can enable, it’s more likely the board will listen to them.
Money is also something that will always be top of mind for the board, so advising them on how much money security initiatives will cost them versus how much money they could lose should they fall victim to a cyberattack, will not only make cybersecurity more of a priority, but will also allow the CISO to secure the budgets needed to be successful in protecting the organisation against the threats it faces.
Digital Transformation aided by diversity of thought
Diversity has been a word on everyone’s lips in recent years and the topic really came to the fore in 2020. However, it’s important to realise that diversity not only includes gender and racial diversity, but also diversity of thought. This is especially true at the board level, where many board members have historically hailed from predominantly financial backgrounds. However, it’s good to see that this does appear to be gradually changing, with a recent report finding that in 2019, a rising number of UK companies had directors with a technology background.
The most successful boards will have a balance of skills among their members, some may be more financially experienced, others may have marketing or HR backgrounds. Nevertheless, as the discussion on risk and security is heightened and becomes more complex, organisations must also look towards a future with more technology expertise at the helm of their leadership. A simple and logical way to do this is to give CISOs a seat at the table.
Pull up a chair
Nowadays, every company is becoming a technology company and it’s clear that Digital Transformation and having the latest technology and cybersecurity knowledge are both competitive advantages. Businesses who have not implemented Digital Transformation yet, and are simply waiting for the next crisis to hit before they make a change, are unlikely to survive that long.
CISOs can offer their expertise to highlight how changes to a company’s infrastructure can increase growth and reduce risk, what an organisation’s risk posture looks like (including exposure from new initiatives and the relative impact of potential breach scenarios), as well as what can be done to mitigate any risk the organisation is facing.
By giving CISOs a seat at the table, enterprises will be able to move forward with digital change initiatives much more effectively and efficiently, ensuring they are prepared for whatever the future may throw their way. On the other hand, boards that lack the CISO perspective may fall into a sense of complacency and mistakenly believe they have all of their bases covered. Some boards have been thwarted from making important strategic decisions because they lack the background to understand the full extent of the doors that Digital Transformation opens.
So, how can businesses survive?
Organisations need to make sure they’re looking at reducing the complexity of any digital initiatives they plan to embark on, as well as building security in from the start. These two factors will make a business far more resilient, as well as allow for cost reduction and an optimisation of productivity. However, if businesses do not have an individual such as a CISO who has experience in these two things leading the charge, they’ll never fulfil their potential.
Undoubtedly, organisations who make room for a CISO on the board, will have a competitive advantage over the rest. So, what are they waiting for?