Intelligent CISO Issue 82 | Page 64

BUSINESS surveillance

One seemingly isolated supply chain disruption can create operational, financial and reputational damage for the companies that rely on the supplier’s products. Because of this, CISOs have had to adopt a more holistic view of their software supply chain to properly assess what security risks other business units could inadvertently bring into the business.
They’ve also had to broaden the scope of risks they evaluate beyond cyber-related factors, including geopolitical events, physical infrastructure vulnerabilities, customer demands and brand trust.
When enterprises consider expanding into new markets, CISOs now often weigh the impact of that market’s regulatory compliance measures and IT infrastructure risks related to physical locations on the security of the business.
Additionally, emerging regulations are pushing organisations to adopt more robust risk management practices. The SEC’s cybersecurity rules for public companies require the disclosure of material cybersecurity incidents and the company’s approach to risk management, strategy and governance.
Similarly, the NIST Cybersecurity Framework v2.0 expands beyond IT risks and emphasises enterprise risk management by integrating cybersecurity risk with broader organisational processes.
All this said, it’s become clear that cybersecurity and risk management are undeniably linked. The interconnected nature of these risks encourages an integrated approach that many CISOs are well-suited to implement.
The benefits of a CISRO
So, if CISOs are already focused on managing risk for their organisations, what difference will it make to change their titles? Officially designating