Intelligent CISO Issue 49 | Page 41

EXPERT OPINION

Opening up communication between your board and CISO

Adam Burns , Director of Cybersecurity at Digital Guardian by HelpSystems , offers some top tips for building a culture of cybersecurity and ensuring productive communication between the CISO and the board .
Adam Burns , Director of Cybersecurity at Digital Guardian by HelpSystems echnology is no

T longer just the backbone of a business , it ’ s the driving force . The complex set of skills required to advance an organisation in this challenging digital age – in the context of brand-crushing security challenges – is immense .

The CISO ( Chief Information Security Officer ) is a critical business advisor who leads security teams to compose strategies , select solutions and drive those strategies forward . Aligned to business objectives , they collaborate at board level on security strategy , cyberrisk and building security into Digital Transformation . They ensure security runs right throughout the business and their role is continually evolving .
For years , the CISO ’ s value wasn ’ t truly recognised , but it has since grown to become an integral part of many executive boards . Yet , sometimes , the CISO-board relationship isn ’ t there or they ’ re not getting the airtime they deserve .
For boards , it ’ s worth understanding the vital security needs for safeguarding a business ’ biggest assets and its reputation . While different facets of the business have their own vested interest in security , it ’ s critical to take a holistic approach and give the CISO autonomy to make critical security-related changes company-wide – for several reasons :
Investment in cybersecurity protection
Global cybersecurity spending increases each year in line with the increasing scale of security threats . ISG Research reports that cybersecurity spending has nearly doubled year on year . It accounted for 4.7 % of total IT spending in 2020 , up from 2.5 % in 2019 . Yet many organisations still don ’ t invest enough to be adequately protected .
Insufficient cybersecurity budgeting is a risky business , which can open up weaknesses across the business . Those with outdated technology have reduced visibility across their ecosystem , leaving arguably their biggest asset – data – at risk of threats . Investing in security skills and building a robust team is vital to be able to use the latest technologies , AI and Machine Learning , to detect and act on any suspicious activity or threats as soon as they arise . www . intelligentciso . com
41