As organizations undergo digital transformation, cybersecurity is getting far more attention than it did 3-5 years back. At the same time, external factors such as an increase in cyber-attacks and data breaches around the globe are creating new waves of trouble for business executives. Malicious actors are targeting the Personally Identifiable Information (PII) and Intellectual Property (IP) of multi-national organizations. According to the McAfee report[1], PII and IP theft are major cybersecurity concerns for organizations in Asia-Pacific. With these changing dynamics, business executives understand that a cyber-attack or a data breach can cost an organization millions of dollars in business loss, regulatory fines, or both. Both the internal and external factors discussed above have helped the CISO’s role evolve over the past few years.
If we look at the last decade, the CISO’s position was still emerging, and the role was limited to looking at physical security, a handful of applications, and perhaps the data centre. However, a lot has changed over the past few years, and if we now look forward to 2021-2030 as a decade, the Board is viewing the CISO as a strategic partner in developing IT and security strategy. The CISO is responsible for securing operations that are spread across the globe, drawing on his/her deep technology knowledge. CISOs are increasingly making strategic decisions such as evaluating new architecture paradigms, implementing emerging technologies across operations, assessing how and when to migrate to the cloud (if not already done), and analyzing the benefits of security decisions that s/he has taken in the past few months or years.
The CISO has also started working closely with CIOs, CROs, and even the COO to ensure the security of the entire business, including the supply chain, 3rd party security, applications (on-prem and in the cloud), evaluating vendors based on risk assessment, and much more. Using metrics as a lens of maturity, where the CISO was once evaluated largely on data breaches and business loss, s/he is now being evaluated on parameters such as speed to market for application products, integration of security in DevOps, the frequency of updates provided to the Board members, the success of IRM programs, the effectiveness of cyber war-games conducted, etc.
Since cybersecurity can’t be an afterthought anymore, the CISO role has matured to provide expert opinion and help business executives make informed business decisions. Thus, the CISO’s role is now an amalgamation of technology expertise, operations, and strategic thinking.
[1] https://www.livemint.com/technology/tech-news/data-theft-and-intellectual-property-key-concern-mcafee-report-1556607971270.html