
5 Cybersecurity Challenges Chief Information Security Officers Must Tackle in 2021

Chief Information Security Officers (CISOs) operate in a world full of systemic risk, fueled by forces beyond their individual control. Unfortunately, despite a myriad of technological advances and the adoption of seemingly countless security products, CISOs have gained little competitive advantage over their adversaries.

According to a recent World Economic Forum (WEF) future series report, Cybersecurity, emerging technology and systemic risk, “the approach to cybersecurity needs to be overhauled before the industry finds itself in any fit state to tackle the threat.”

Overhauling and future-proofing cybersecurity will require a new strategic technological approach to addressing five global cybersecurity challenges:

  1. The inability to assess, communicate and manage the financial impact of cyber events – and thus the business risk to the organization
  2. Increasing sophistication of cyberattacks and cyber adversaries
  3. Widening cybersecurity skills gap
  4. Lack of intelligence and operational information sharing
  5. Underinvestment and lack of business buy-in

Assess, Communicate and Manage Cyber Risk in Financial & Business Terms

Presenting cybersecurity risk to senior business leaders requires translation to bridge the gap in language and understanding. Doing this, however, requires CISOs to understand their company and its business.

Most businesses don’t know what their exposure is to any given cyber event, including what the impact is in terms of response costs, lost revenue, and other secondary forms of loss such as fines and judgments. Until now, the result has been a lack of focus on the risks that matter most to the business and an inability to communicate an accurate risk posture to the C-Suite and board of directors.

The Rosetta Stone that translates the technical nature of security into the language of the business is here – cyber risk quantification. By quantifying cyber risk, Chief Information Security Officers have the ability to speak the language of business.

“I think it’s incredibly important to evolve the way that we talk about cybersecurity,” said Michael Daniel, a former White House cybersecurity policy advisor and the CEO of the Cyber Threat Alliance, in a recent interview with the ThreatConnect Podcast. “Cybersecurity is now a critical enabler for most businesses to continue operating. And it needs to be framed in that way. And I think that’s very much the place that we need to move is putting it in those business terms, framing it in those risk terms.”
