Indeed, the lack of insight into areas such as HR and marketing may explain what is probably a false sense of confidence among Irish CISOs. Irish CISOs are, for example, noticeably more confident than their global peers. Six in 10 say they are confident they understand and can anticipate new strategies used by threat actors, compared to only 48% of international respondents.
This high level of overconfidence underlines the need for cybersecurity to be at the strategic heart of the organisation rather than at the periphery. And the way to achieve that shift is by building relationships with key internal and external stakeholders.
CISOs have usually had years of technical and leadership experience, but the types of decisions that they make often go beyond technical considerations and require much broader working relationships. The CISO should aspire to align with the objectives of business stakeholder groups and work to develop strong professional working chemistry.
Becoming a business enabler should be the goal of the CISO. However, conflicting points of view and natural tension between roles are an important part of business and should not prevent CISOs from working collaboratively to solve problems and meet business goals.
Promoting trust is fundamental for a CISO, especially where true mutual value is derived. Trust is built over time and is based on shared, mutually beneficial experiences. This can, however, be difficult, given that studies show that the job tenure for most CISOs is typically between two and four years.¹ Enduring CISOs have embraced the concept of the trusted advisor, where businesses reach out to CISOs for solutions to their security problems.
A 360-degree approach
CISOs need to work on building stakeholder relationships both within and outside the organisation to orchestrate the strategic shifts in the security ecosystem. With the outbreak of COVID-19 accelerating the pace of digital transformation, Irish cybersecurity leaders need to listen, learn and take a more holistic view of the security needs of the organisation.