Conclusion: How Oceania’s CISOs should rise to the challenge
CISOs in Oceania face challenges that would be familiar to many of their counterparts around the world. But, in many instances, they have a more urgent need to upgrade their capabilities and reach a higher level of maturity. With that in mind, three responses could prove crucial:
Prioritise the skills gap – with a broader remit than in the past
There is no escaping Oceania’s shortage of cybersecurity professionals, at least in the short term, and upskilling the existing skills-base must become a critical priority. But CISOs should aim higher than this: building knowledge of the cybersecurity threat across the enterprise has the potential to reduce pressure on the function. By deepening board-members understanding of the threat, they will ensure they receive additional support.
To become more persuasive and influential, cybersecurity professionals also need to focus on softer skills. Right now, just 24% of Oceania CISOs believe their executive management team would describe the cybersecurity function as speaking the same language as the business.
Build new bridges across the organisation
Operating within the IT function, and often focused on technical issues, too many cybersecurity functions have failed to build strong relationships with key business partners.
Just one in five CISOs in Oceania (21%) describe their relationship with marketing as one of high trust and consultation. Investing time in growing these relationships will not only enable CISOs to play a broader role in transformation, and to be included in the earliest stages of planning, but also secure new advocates as they push for increased resources.
Reposition cybersecurity as an enabler
One of the biggest challenges for Oceania CISOs is to change the perception of their colleagues. Too many are seen as blockers of new initiatives, rather than enablers of transformation that are essential for making new technology initiatives secure and sustainable. Just 27% believe their executives see them as commercially minded, and just 28% say they are thought of as enabling innovation.
Resetting these outdated perceptions – reframing cybersecurity as a strategically minded enabler of change, critical for realising the business’ technology ambitions – should be a top priority for the post-pandemic era.