In many companies, early CISOs were little more than figureheads. This was primarily due to the fact that cybersecurity was still not taken seriously. As more businesses became victims of cyber-attacks, government rules began to include the CISO as a critical component of a comprehensive cybersecurity program.
CISOs spend far too much time on security operations, policy drafting, and vendor management, and less time on business strategy, where their time would be better spent.
Non-security executives see cybersecurity as a technical issue that has little bearing on business outcomes. Security conversations, on the other hand, provide an opportunity for partnership.
For years, there has been a gap between non-technical and security leaders. Companies have begun to address the disconnect in the last four years, albeit slowly. Enterprises will understand that the CISO is not a catch-all for all security-related areas as CISOs mature and make their contributions to overall business goals clear. The CISO’s evolution is as empowering for individuals as it is for businesses.
Because of the difficulties of remaining in this culture disconnect or in an environment where there is a cultural disconnect, corporations will encourage some of the status quos. A CISO’s reputation might be harmed by misaligned expectations, especially if the blame for an incident falls solely on security.
What will evolution bring about?
Since CISOs are now over-investing their time and resources, miscommunication develops, which can jeopardize the role’s genuine purpose. The pandemic has influenced the CISOs’ and security leader’s evolution. The executive shift has been that it is no longer about investment, protection levels, or technology. It’s all about value, and what firms offer to the table.
CISOs today would actually need to operate more like a controls manager or risk-decision owner rather than a trusted facilitator or value creator. As they leave a company or business, it is up to the leader to be able to bring out these cards and exhibit their profiles. Businesses cannot impose different leadership profiles on different types of organizations; this is where many difficulties resurface and come back to haunt people.
Today, half of CISOs expect their responsibilities to grow. Industry experts also warn that if a CISO does not embrace changes in their role, their organization will be more vulnerable to security breaches.
The role of the CIO is becoming more of a catch-all these days. Nearly a third of security programs have begun to add at least two more jobs to assist with some of this year’s challenges. Some of the jobs that relieve CISOs of their odd-job security responsibilities include digital or technology risk officer, CSO, cybersecurity-proficient board members, and product security officer.
For more such updates follow us on Google News ITsecuritywire News