Intelligent CISO Issue 86 | Page 76

end-point

ANALYSIS

CISOS: GENUINE RESILIENCE TRUMPS SEEKING BOARD RECOGNITION

Cybersecurity investment must show ROI in the form of resilience, says Raghu Nandakumara, Head of Industry Solutions at Illumio.

1995 was a landmark year in tech. Netscape Navigator was launched and the commercial restrictions on the Internet were removed, marking the beginning of the ‘Information Age’. Toy Story debuted as the first fully computer-generated film and Steve Katz at Citicorp became the first-ever CISO – a significant milestone in cybersecurity.

Fast-forward 30 years: the Internet is ubiquitous, we’re on Toy Story 5 and the CISO role is more critical than ever.
But greater recognition brings more accountability and risk. Research from the Ponemon Institute shows CISOs are increasingly held solely responsible for ransomware threats. As a CISO, this means not only are you accountable for everything from data protection to policy and risk management, but you now risk becoming the scapegoat when something inevitably fails.
Resilience must take precedence over mere prevention. Today, your mandate isn’t to stop every breach, but to keep the business running when one inevitably happens.
How ransomware changed the game
Cybersecurity has never been just an IT problem – it’s a business risk. Attacks disrupt operations, damage trust, and cost millions. For Synnovis, the impact was catastrophic – estimated losses of £32.7 million, seven times its annual profit.
It’s not scaremongering; it’s a fact – 62% of UK organisations have had to shut down operations following a ransomware attack, according to Ponemon. Yet, despite this, just 19% of the IT security budget is focused on addressing the ransomware threat, with the majority prioritising prevention. Waiting for a breach to reprioritise or justify more funding isn’t an option – by then, it may be too late.
The ironic thing is that attackers aren’t doing anything new. They still exploit misconfigurations, lack of segmentation, outdated patches and poor access controls to move through organisations and reach critical systems. But the impact is getting worse.
Attackers don’t need to change their behaviour – why would they? It’s working. Defenders do. So, where should you start?
1. Adopt a proactive, resilience-first mindset
Despite good intentions, security is inherently reactive. Measures like meeting regulatory requirements or deploying firewalls focus more on responding to immediate risks than long-term strategy.