Why You Need to Hire a CISO in 2018
Advanced security protocols were once a luxury, now they are a necessity for every business
If your business doesn’t have a Chief Information Security Officer (CISO), you’re behind the times and at risk. We can’t escape the daily headlines detailing massive data breaches. A billion compromised user accounts at Yahoo and a state-sponsored hack intended to sway our presidential election results demonstrate that cybersecurity has rapidly become a global crisis. For private companies, a serious amount of risk hangs in the balance: Cybersecurity Ventures predicts that global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021.
As a firm that helps companies navigate the communications challenges presented by data breaches and security threats, we are consistently surprised that so many executives are still unprepared for these circumstances. The likelihood of a data breach or hack has reached a status of “when,” not “if.” Yet at many companies, the proverbial “IT guy” often sits in a back room, used only as a resource for minor technology issues, such as computer glitches or password misplacement. The IT team often isn’t privy to C-suite business decisions, and therein lies the problem.
Enter the CISO. A CISO is a senior-level executive role, and is included in boardroom discussions to ensure that the executive management team understands the company’s cybersecurity risks and factors them into business decisions. Security should augment and facilitate the flow of business, and upper management must help remove obstructions and impediments that compromise security of the company’s most critical assets: corporate and customer data.
Cybercriminals have evolved faster than most security systems … and those systems which have yet to be cracked are simply sitting ducks. Their ability to conduct network surveillance and launch distributed denial-of-service (DDoS) and phishing attacks is designed to either monetize stolen data, such as credit card numbers, or expose sensitive company information. The idea that a hacker is a lone wolf in a basement is dangerously outdated: Most successful cybercriminals are recruited and trained by established organized crime groups funded by governments to take advantage of social media and email communications. A CISO not only analyzes, formulates, and mitigates security risks, but also forges partnerships with supporting business operations teams, community cybersecurity organizations, and federal and local law enforcement to stay at the forefront of security issues.
Most boards and executives are not typically fluent in matters of information technology. Who better to educate the board on cybersecurity and regulatory issues than your CISO? Knowing that the board has a fiduciary obligation to protect shareholder value, the role becomes a win-win scenario. After all, the most security aware a company will ever be is immediately after a breach. Don’t wait until it’s too late!