Intelligent CISO Issue 53 | Page 60



In March 2022, the US Securities and Exchange Commission (SEC) proposed amendments to its rules regarding the disclosure of cybersecurity expertise within businesses. These amendments are meant for institutional investors, shareholders and investors to showcase the need for heightened focus towards cybersecurity at the core of business, surpassing conventional strategies that have allowed multiple headlining cybersecurity breaches over the past few years. Here, Mark Brown, Global Managing Director of Digital Trust Consulting at BSI, discusses the relationship between cybersecurity experts and top business professionals and what’s required for effective communication which ultimately determines the business’ overall success.
Mark Brown, Global Managing Director of Digital Trust Consulting at BSI

Many cybersecurity professionals are not fully equipped with the business language necessary to effectively communicate with the broader leadership functions the immediate necessities, threats and path forward during and following a breach. This communication lull can impact the severity and duration of a breach and shift stakeholder perception – significantly impacting a firm’s bottom line and brand reputation.

Today’s digital trust focused operational framework has highlighted the significant need for seamless communication between cybersecurity professionals and executive business leadership to mitigate potential and current risks and fully understand the impact a cybersecurity or privacy breach can have on the business and its stakeholders.

Tasked with communicating a technical language that is not extensively used by top business professionals, cybersecurity experts are typically siloed within an organisation and are not provided a seat at the table. For cybersecurity professionals to be able to communicate effectively, they first need to be considered important enough to be heard and given space to be received by top business professionals who can make changes within the organisation. The narrative around cybersecurity and broader topics of technology risk must be understood by all parties to be an essential part of the company, not one where shortcuts can be made or efforts can be outsourced. Effective and trusted cybersecurity is integral to a successful and protected business in today’s digital age and, therefore, should be integrated into the core of the internal corporate structure, not passed on to talent outside the walls of the organisation.