Pierre Samson , CRO , Hackuity
CIOs now play an increasingly important role in driving strategic change within their organisations . They ’ re instrumental in shaping the direction of the company , not only through Digital Transformation projects but also through the advanced analytics and intelligence tools . These are transforming the way that we work , particularly in the era of AI , when organisations are navigating how best to leverage a new wave of tools , with the right privacy protections and security guardrails in place .
At the same time , as the cyberthreat landscape brings new challenges , they are responsible for ensuring that the skill sets and technology their organisation has in place are a match for ever more advanced and well-resourced adversaries . As their remit evolves , their focus must be on ensuring that their teams are providing the engine room for change and innovation – and nearly everything in the business relies on cybersecurity .
Long gone are the days when cybersecurity was viewed as a cost centre and the team ’ s primary function was to ‘ keep the lights running ’ and the bad guys out . Now , cybersecurity is more closely aligned with the business goals of the organisations . This is becoming one of the most critical areas that CIOs are spearheading .
It ’ s no longer just a technology function ; cybersecurity requires a level of business acumen , and teams need to understand how to shape the performance of the business , with an eye to the future . The skill sets needed from their teams are core to enabling them to deliver on this , especially at a time when cybersecurity underpins many of the critical functions of the business . CIOs need to ensure that their teams are communicating the value that cybersecurity brings , in terms and a language that resonates with other business leaders .
They should be comfortable in how to present the value of cybersecurity beyond ‘ security metrics ’ – it needs to be demonstrated in real business terms particularly when budgets are under more scrutiny and demanding more justification .
Threats are changing faster than our defences – there are growing challenges in maintaining security given the ever-expanding attack surface . Meanwhile , many businesses are now incorporating AI into their processes . The skillsets of teams need to be constantly aligned with these to keep pace .
According to a report earlier this year , 42 % of enterprise-scale organisations are actively using AI in their businesses , and a separate report cites that AI skills are currently the most in-demand skill for most enterprises .
While we can expect the security risks to increase as a result , innovations in AI will also help to offset the skills gap and by automating and simplifying routine , manual tasks .
AI could prove to be an ally in helping organisations to streamline essential business processes as the skills crisis continues to strain teams ’ resources .
Gareth Pritchard , Chief Technology Officer at Sapphire
The question of how to make cybersecurity accessible and unobtrusive to the entire team – from intern to boardroom – is something that could occupy a CIO ’ s thoughts for days . No-one wants cybersecurity to be seen as another problem or ‘ thing ’ they need to think about on top of their already busy day jobs .
To embed cybersecurity within the business , and therefore make cyberskills development and assessment easier to manage , CIOs need to look at their organisation ’ s cultural identity and align their cyber communications and strategies accordingly .
But what do we mean by cultural identity ? For every organisation , they will have a set of values and approaches that reflect and embody how the business wants to be viewed , both internally and externally . This binds everyone together , so everybody knows what is expected of them . By thinking about cybersecurity in the same way , and using the language , tone , style and values held by the organisation as the core for which to build communications around , the CIO will be able to enhance cyberskills across the business , not just in more traditional ‘ technical ’ areas .
A great example is the British Library . At the end of 2023 , they were victim to a large-scale ransomware attack that compromised the majority of its online systems . Many organisations prefer not to share much information on an attack , only revealing what they must to the relevant authorities . Yet , from the outset the British Library have been transparent and open about the attack , what happened , and most significantly the learnings they have taken from the incident .
One of the most important tools that can be deployed is active ‘ fire drills ’ and postevent debriefs so there is a continuous cycle of learning throughout the business .
WWW . INTELLIGENTCISO . COM 49