Cybersecurity isn't an IT problem, it's a business problem

Cybersecurity isn't an IT problem, it's a business problem

346 readers like this
CIO Security Lock

The emergence of the CISO is a relatively recent phenomenon at many companies. Their success often relies upon educating the business from the ground up. In the process, companies become a lot better about how to handle security and certainly learn how not to handle it.

As a CIO, knowing the pulse of security is critical. I oversee a monthly technology steering committee that all the executives attend. The CISO reports during this meeting on the state of the security program. He also does an excellent job of putting risk metrics out there, color coded by red, yellow, and green. This kind of color grading allows us to focus attention on where we are and what we’re doing about it.

If you share a dashboard with executives regularly, they will become used to seeing it and accustomed to a conversation about current security realities. More importantly, what we have done — and this is all credit to our CISO — is to start a quarterly cybersecurity committee. This is a board-level committee, so everything reported in this meeting goes to the board as well. A cybersecurity council can allow for much more of a strategic discussion: “Here are the things we’re doing. Here’s the direction of the program. Here are some things that we’re looking to implement in the future.” It’s also an opportunity to talk about how the things that you’re going to do from a security standpoint might impact the business or benefit the business over the next months or quarters.

As I’ve said before, security isn’t an IT problem; it’s a business problem. That’s why it’s important to share articles and examples of how disruptive an attack can be to business. Now we’re more likely to hear an executive or board member say, “I saw this on the front page of The Wall Street Journal. How would this kind of exploit impact us?” And we have those kinds of conversations. So awareness is much higher.

The reality is, it’s often the publicity of other companies going through cybersecurity struggles that will help executives at your enterprise see that it could be you just as easily as it was them. They will start to ask a lot more questions because they want to know what is being done to protect them from something like that happening. Having the answers always puts IT and the CISO in a much stronger position.

One comment

Very well said, I totally

Very well said, I totally agree. Nowadays, due to more of digitization and Internet of things security management is under threat. We all know the data breach effects of IoT that apparently scares the IT department. I have read many good articles on cyber security, you can also read them here:

Tim Elkins joined PrimeLending in November 2008 as Senior Vice President, Chief Information Officer. In October 2012, Tim was promoted to executive vice president, chief information officer, and he is responsible for information security, IT operations, and technology initiatives.

7 New CIO Rules of Road

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Ganes Kesari
October 18, 2019

Many analytics projects pass a pilot test with flying colors but fail to earn wide adoption. Here are five common culprits that doom projects – and advice for tackling them.

Submitted By Peter Phillip
October 18, 2019

With many digital projects, achieving a strong ROI means establishing a range to shoot for — while watching the intangibles.  Focus on engagement and experience.

Submitted By Kevin Casey
October 17, 2019

How does robotic process automation software handle repetitive tasks? Does RPA require coding? Where does it fit? Let’s break it down in plain terms


Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.