A growing number of companies are willing to increase their risk appetites to get ahead in the wake of unpredictable environments and innovative technologies’ potential to provide competitive advantages. CISOs must evolve more thoughtful risk-based vendor relationships, add requests for evidence of security controls, shift to resilience-based thinking, and work to get ahead of coming regulations.
CISOs should identify and proactively manage future risks by notifying decision-makers about new security strategies, norms, and technologies. It is imperative that relationships continue to evolve with senior leadership outside IT and security to ensure effective communication of organisational risk. Lastly, tracking and addressing skills gaps with creative talent management practices will help cybersecurity leaders stay ahead of the curve.
Strategies for Establishing Cyber Judgment
- How are you equipping decision-makers throughout the organisation to independently make informed risk decisions rather than relying on automation?
- Many CISOs have turned toward the organisation of cyber fusion teams to operate in a more product-centric way. What strategies to embed security within the organisation have you tried? How are you changing mindsets and workflows?
- What methods have you found effective when communicating the balance of risk, value and cost?
Nurturing a Cyber Risk-Aware Culture
- Have you built a formal security behaviour and culture program that targets end-users, executive leadership, and the board? How have you done this? What benefits are you seeing?
- What sort of roles are you hiring for in the coming year? Are they more business-focused or technology/security focused?
- How are you involving business leaders in cyber decision-making to ensure joint responsibility?