Top 3 Priorities for CISOs in 2024

As the new year begins, CISOs gather with their security teams and corporate management to scope out top priorities for 2024 and how to address these issues.
This year - with a multitude of new privacy laws, Securities and Exchange Commission regulations, cyber threats, and new technologies promising to solve those threats - they might be losing sleep trying to optimally stack the proverbial Tetris pieces of the cybersecurity strategy.
Of all the challenges vying for the CISO's attention, the personal and legal responsibility for data breaches the SEC has placed on CISOs could be the most challenging in the new year, says Nicole Sundin, chief product officer at Axio.
Defend Yourself Against Personal Liability

Sundin likens CISOs to healthcare executives, who keep detailed records of every action they take in order to defend themselves against claims of malfeasance.
Considering that many CISOs are not covered under corporate directors and officers insurance policies, they would be personally liable under the new SEC rules should a breach occur.
That includes personal liability both for a breach with data loss and for a privacy breach without data loss.
Her advice: tell the board exactly which security controls are required, what they cost, and the potential loss to the company if a breach occurs because those controls were not in place.
CISOs must also be active participants when negotiating cyber insurance policies, Sundin says.
Normally, CISOs need to sign off on what the general counsel or CFO ultimately negotiates, but without direct input - and a written record of their recommendations - they could end up legally liable for a risk the policy excludes as non-insurable.
Monitor Emerging Privacy Threats

Cyber insurers will focus on privacy breaches in 2024, predicts David Anderson, vice president of cyber liability at Woodruff Sawyer, a national insurance brokerage.
Anderson says cyber insurance underwriters are expected to tighten their requirements on how organizations secure private data and privileged accounts, including service accounts, which, he notes, tend to be overprivileged and often have not had their passwords changed in years.
Citing the tightening privacy laws in states such as California and Washington, he says cyber insurers are demanding that organizations not only have comprehensive privacy policies in place, but also be able to demonstrate that they follow those policies.
Manage Third-Party Risks

While privacy threats will be high on boards of directors' priorities for 2024 thanks to the new SEC regulations and cyber insurers' requirements, so too will other supply-chain threats.
Forward-thinking visionaries look at third-party risk management and data in the aggregate, and at what data breaches mean in light of emerging and expanding regulatory compliance obligations, said Parr.
Rather than focusing on the data itself, he suggests taking a holistic approach, which he calls a cross-functional supplier risk management framework.
The vast majority of companies today are struggling with third-party risk management (TPRM), Parr says, because they focus more on the cost of data governance than on regulatory compliance, operational resilience, brand impact, or the reputational risk associated with data breaches.
Looking Ahead

In this environment of increased regulation, CISOs are now held personally liable for data breaches, regardless of whether they involve data loss or privacy violations.
In response, cyber insurance underwriters are tightening their rules on how organizations should protect private data and privileged accounts.
To meet these challenges in the coming year, CISOs need to protect their organization and themselves by creating a system to document relevant actions and decisions, establishing and enforcing comprehensive and consistent privacy policies, and assessing their third-party partners in terms of operational resilience.
By working across the organization with procurement, legal, and security teams, CISOs can mitigate the potential impact of supply chain threats and insurance costs on their business - and cover themselves too.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 19 Jan 2024 22:25:17 +0000