The new CISO – Building a strong foundation for a successful future

Given the rapidly evolving role of CISOs and their teams, many organizations have yet to mature their approach to cybersecurity to the point where it’s not just a preventative business function but assumes a wider role in business success, be that customer acquisition, retention or any number of other critical factors.

It’s an approach that should begin with CISOs building an understanding of the wider business and the importance of strong relationships well beyond the security team. It’s vital that security leaders know how their business operates and understand where the pain points are for their leadership colleagues.

As far as the CISO is concerned, it doesn't matter whether they are focused on sector specialisms such as building a new portal in a wealth management business, creating a new drug where the leaders in that organization work directly with R&D, or whether it is a retail organization that is trying to launch a new line where responsibility lies with a creative team – the list goes on. In every case, CISOs should seek to build those relationships so that security can play a proactive role in enabling other leaders, teams and departments to succeed in a way that goes well beyond protecting digital assets.

Building trust is more important than ever

Let’s take trust as an example. For many CISOs, building and maintaining trust across every stakeholder that has an interest in effective security means working with a broad church, ranging from customers and partners to colleagues. In its general sense, trust is based on doing right by others, be that customers, partners or colleagues. On a product level, it’s more about maintaining trust within platforms and products, and on a personal and individual level, trust plays a big role in leadership, staff retention and building a positive culture.

Some organizations are becoming heavily invested in the concept and delivery of trust. Because of this, it is becoming a formalized part of the CISO’s role and their wider team. Creating what some are calling a ‘Trust Office’ as part of an organizational structure can help businesses build trust within their product service offerings, maintain it through proof points such as independent certification assurance and use it as a real selling point to customers.

The interests and responsibilities of the Trust Office should cover every pillar of the cybersecurity discipline, from governance and compliance to privacy, risk management or any other key aspect of the discipline that contributes to establishing and maintaining trust.

Technology provider partnerships offer a useful example of the trust process CISOs need to undertake. It needs a 360-degree perspective and is much more than simply asking whether a partner has ‘won’ your trust or not; it also needs some introspection to help establish a good framework for trust to thrive.

Key questions a CISO needs to ask of their own organization include:

1. What is your own risk appetite? At a strategic level, what levels of risk is your business prepared to take in the months or years ahead when choosing new partners?

2. What are the risks of operating with the partner in the environment that you are evaluating?

3. Does the partner understand your pain points? Do they understand your business priorities and new opportunities that might introduce security risks?

Organizations that view cybersecurity through this lens of trust have a less fragmented and more cohesive view of how to engage with their stakeholders, where to focus time and investment and where priorities should be placed.

Similarly, it goes without saying that trust is important for customers, but this is a process that has become increasingly nuanced in the digital transformation era, with customers becoming highly engaged and intent on understanding much more about who they do business with. In markets such as cloud service provision where customers are – to a greater or lesser extent – giving away responsibilities and control to partners, they need to feel like everyone involved has ‘skin in the game.’

Trust isn’t just about being on the end of a support call 24/7; it’s about demonstrating a commitment to customer success as well as your own. The provision of effective cybersecurity has become so inextricably linked with maintaining successful relationships that businesses must widen the reach and impact of the role to demonstrate genuine customer empathy.

CISOs will play an increasing role in meeting these diverse needs, and their ability to establish a foundation that can broaden the value and impact of cybersecurity will be tested in the years ahead.
