This year’s GISS suggests that UK CISOs do not need to convince their boards or key business partners of their value, in terms of protecting the organisation from risk. But, as organisations focus on growth and recovery from the global pandemic, cybersecurity must secure a reputation as a strategic enabler.
CISOs will need to embrace the commercial imperatives of the business, ensuring that the new initiatives are implemented, rather than acting as an obstacle to change. Just 32% of CISOs believe, for example, that the executive team would describe cybersecurity as enabling innovation. Tackling these challenges will help ensure CISOs are consulted on new ideas at the earliest possible stage.
Explore the potential of automation to reduce compliance drudge
CISOs warn about the time and resource that must be devoted to compliance work, particularly as regulation fragments. They recognise the importance of compliance but highlight the repetitive nature of the work involved when meeting numerous regimes, each with subtle variations.
Technology can help, with automation enabling cyber professionals to focus more attention on risk-based and value-added work. Investing in new tools, such as robotic process automation, may be valuable, but many CISOs will be able to get more out of the tooling they already use.