It is on this last point that the CISO is particularly key. Only the CISO is in a position to translate cyber threats into business risks and to recommend suitable responses. It is their responsibility to champion this risk-based approach to cybersecurity and to spread it to every level of the organization, through tools and, above all, through cultural awareness.
This is, in fact, the role that the decision-makers surveyed assign to them first and foremost. According to these decision-makers, the CISO's main function is precisely to cooperate with the business lines so that they carry out their activities within an acceptable risk framework. A welcome sign of confidence, but one that does not hide the scale of the challenge ahead!
Which of the CISO's various missions is the most important? (Respondents could select more than one answer, so the percentages do not sum to 100%.)
- 47%: Cooperating with lines of business to encourage activities within an agreed risk posture
- 45%: Reducing the likelihood of threats (internal and external) compromising the enterprise and its assets
- 43%: Integrating security with the enterprise environment to drive cost and efficiency benefits
- 42%: Establishing the enterprise’s security risk profile
- 41%: Empowering existing staff to drive improved output
- 41%: Optimizing the security stack to improve security posture
- 25%: Enabling the enterprise’s digital transformation initiatives (securely)