In a recent survey of CISOs, 86% of respondents said the role has changed so much that it's almost become a different job altogether from what it once was.
In addition to their traditional responsibility of defending organizations from an increasingly complex threat landscape, CISOs need to reach across their organization, work closely with the C-suite, and provide high-level business strategy as it relates to risk.
This new connection between cybersecurity and business risk has pushed CISOs into the boardroom, where they are being asked to justify their investments by aligning security strategies to the board's vision for the organization.
To walk this line, CISOs have to develop critical soft skills that allow them to bridge the natural divide that has traditionally existed between operations and security teams.
These so-called soft skills - such as communication, leadership, and emotional intelligence - are now requirements of the job, allowing CISOs to navigate this delicate balance and provide high-level risk assessment and guidance for their organizations.
Collaboration
Digital transformation and the emergence of the agile, customer-led business model have destroyed the silos that once permeated organizations.
Teams often operated in seclusion - heads down and focused solely on the task in front of them, with little to no visibility into what other business units were up to.
From a CISO perspective, this means looking at every aspect of the organization - from sales and marketing to the supply chain, all the way up to the board of directors - through the lens of cybersecurity risk.
CISOs now need to understand how to communicate with stakeholders and the board around an incident.
Working together allows the CISO to break down these silos, ensuring close collaboration toward business goals without adding unnecessary cybersecurity risk.
With the appropriate transparency, any additional measures that are needed to combat a new or emerging risk or regulation should be easier to accept.
CISOs are finding that stakeholders - from regular users to the board - are more technical than ever before.
People understand the impact of working in a hybrid model or moving applications to the cloud and trust the CISO to weigh the risks with the productivity and agility benefits.
This requires educating everyone on threats, compliance, and other risks through the lens of business language and metrics that they can understand.
By educating stakeholders on how implementing a new security strategy, process, or tool can contribute to business goals - such as expanding into an emerging market, improving development velocity, or driving up stock prices - CISOs can better communicate budget needs.
Bridging the gap between technical capabilities and business results puts CISOs in a key advisory and thought leadership position that can lead to greater success.
Storytelling
CISOs also have to be good storytellers, using data to craft a narrative around how the business is mitigating growing risk.
CISOs Continue to Evolve
Now, more than ever before, CISOs have an opportunity to impact business strategy and change the culture of their organization.
Everyone - from the customer service rep to the chairman of the board - is listening and relying on them for guidance on how growing cybersecurity risks impact everything from their day-to-day to broader business initiatives.
CISOs need to develop new so-called soft skills to meet this challenge - using all their communication, collaboration, teaching, and storytelling skills to mitigate risk, create operational efficiencies, improve resiliency, and drive business growth.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 15 Dec 2023 15:00:11 +0000