CISO Vs. Board – the Eternal Struggle

One of the toughest (if not biggest) challenges faced by the CISO is convincing the Board to invest in continuous cybersecurity.

The expectation and pressure on the CISO to protect the organisation from a major breach is high – the on-going budget generally not so.


How do you demonstrate the need for buy-in?

Buy-in from the board to make cybersecurity ‘Business as Usual’ – right alongside all other Risk Governance – is critical. An annual pen test and VA scan with no actionable intelligence is not good enough, and it won’t protect an organisation. Cyber risk is dynamic and cybersecurity is dynamic: if you want round-the-clock visibility and the ability to manage your security posture, you need tools that are always-on and can be deployed instantly to give you actionable intelligence.


Reputation

We’re not talking about the corporate image here – we’re talking the CISO’s reputation!

If a breach occurs on their watch then it’s ‘all eyes on the CISO’. Having secured trust, buy-in and budget from the Board, the inevitable fallout becomes a shared responsibility and is therefore a whole lot easier to handle.

Cybersecurity is not a confusing or complicated topic – but we, the industry, have made it so. Fuelled by scaremongering in the media, the cyber industry has ridden high on mysticism, secret intel, dark arts and a smokescreen of technical skills.

Security teams need a way to clearly demonstrate to stakeholders the need to invest in, and encourage, an organisation-wide cyber-aware culture. Tools like CyberScore™ can help by:

  • Giving an evidence-based Risk Score on demand
  • Generating board-level Reports outlining the organisation’s security posture, vulnerabilities and a Get Well Plan
  • Automating the bulk work of pen testing, making it affordable and rapid
  • Continuously tracking security posture, vulnerabilities, remediations and score
  • Tracking cyber risks across supply chains and third parties without the need for consultants or questionnaires
  • Dramatically reducing the cost and improving the quality of compliance penetration testing

One big feature of CyberScore™ is peer rating, which shows users if they’re in the top 10% of organisations for cybersecurity, the worst 10% or somewhere in between. Showing stakeholders where their organisation sits compared to competitors can be an excellent incentive for them to do more to improve the score.


It’s the CISO’s Responsibility

Yes, there is an eternal struggle with boards and budgets, but it’s ultimately the CISO’s responsibility to educate the board and key stakeholders, make recommendations on investment in the latest technology and adopt a ‘Business as Usual’ approach to cybersecurity.

For further reading see:

The future is automated security testing

Democratise your cybersecurity with CyberScore™

Busting Cyber Myths – I’m too small to be a target
