Facing long-standing and complicated challenges, Irish CISOs are battling to counter the escalating threat and to secure their roles as strategic partners.
Three responses may prove critical:
Make a stronger case for compliance spending
As regulation continues to fragment, cybersecurity teams in Ireland have yet to optimise how they manage compliance. It is also an area where funding is becoming harder to attain. Just 10% of Irish CISOs say that compliance needs are the primary driver for new funding.
It is increasingly vital to make a stronger case for new funds by communicating the scale of the challenge as well as the huge potential damage of a compliance breach. New technologies such as RPA and AI that automate manual compliance work will free up precious resources, new ways of working will deliver benefits, and greater regulatory experience and knowledge in the team will be important.
“The challenge for many organisations spans people, process and technology,” says Carol Murphy. “Currently, however, they are stuck with manual systems, sub-optimal processes and skills gaps.”
Test for overconfidence through self-evaluation
Organisations cannot be truly confident in their ability to manage cyber risk unless they consistently test their abilities to counter and respond to danger. Doing so requires regular crisis response exercises, the growing use of methods such as penetration testing, and critical evaluation of forensic security and other capabilities.
“Have CISOs thought about business continuity?” asks Carol Murphy. “How will they ensure the business can function? What are the workarounds and solutions for customers, suppliers and staff? Cybersecurity has to constantly question itself to be sure its confidence is not misplaced. It has to be Trust by Design.”
Build bridges and influence
Stronger relationships with other business units will ensure CISOs have a clearer picture of difficult challenges, such as the risk of disinformation, and are in a stronger position to defend the business.
More broadly, CISOs who work closely with colleagues across the organisation will have a better understanding of the business’s wider strategic imperative. An ability to talk the language of the business will enable CISOs to secure improved resources, while helping them fulfil their potential as growth enablers.
“Aim to build a peer group or network, both within and outside your organisation, that you can learn from and share ideas with,” suggests Carol Murphy. “Build a reputation for being innovative and progressive, rather than someone who focuses on the reasons why the organisation can’t do something.”