techUK sets out recommendations to help guide CISOs as organisations continue their digital transformation
techUK launches the second report in its Cyber People Series.
The Role of the CISO in a Digitally Transformed Organisation highlights the complexities surrounding the role of the Chief Information Security Officer (the CISO). In this new report, we explore what the CISO should be focusing on in an era where every organisation is a technology organisation, as well as touching on the key attributes of a successful CISO – leadership, strategy, technical, and governance.
Our report makes seven recommendations to enable the CISO to ensure that cyber security is recognised as a business enabler, helping their organisation to deliver on its digitalisation journey. These recommendations are underpinned by examples and contributions from industry leaders, including Microsoft, IBM Security, BT Security and Corix Partners.
Recommendation 1: The CISO must help the Board to recognise cyber security as a business enabler, and a critical ingredient in helping the organisation to deliver on its digitalisation journey.
Recommendation 2: The CISO should look beyond the purely technical and focus on business risk management. The CISO must have, and embrace, wider business skills and knowledge to drive change across all business functions.
Recommendation 3: The CISO must be prepared for all types of crises: identify the principles that will guide you in decision-making – and test them.
Recommendation 4: The CISO should build a digital empathy system: use telemetry data from trends to understand how people are working in the system to improve experience and reduce risk.
Recommendation 5: Supercharge the human firewall: the CISO should sharpen security hygiene to encourage people to adopt digitally safe behaviours and be on their guard against cyber threats.
Recommendation 6: The CISO should build the case for investment in appropriate threat intelligence so that they are equipped to help their leadership teams understand the business problem in context and to support improved decision-making.
Recommendation 7: Diversity is a strength to be actively sought within the security team (and beyond). The CISO should help to hold their organisation to account on diversity and initiate conversations that provoke action to ensure a team that makes better decisions.
This report is the second in the wider techUK Cyber People Series, which set out to explore how people can be the strongest element of the UK’s cyber defences. The aim of these reports is not to be prescriptive, but to support organisations and stakeholders in making the right decisions, highlighting best practice across UK sectors, and sharing insight from industry leaders across a range of topics.
The first report, The CISO at the C-Suite, tackled the key question of how the Chief Information Security Officer role should engage at C-Suite and Board Level, leveraging influence to ensure cyber security is seen as an enabler of the rapid digital transformation that all organisations saw throughout 2020. Future reports in this important series will continue to examine the CISO function, including how to make informed buying decisions.
Dan Patefield, Head of Cyber and National Security at techUK, said:
“As cyber security underpins an increasing part of everything an organisation does, the role of the CISO function continues to evolve, enabling cyber resilient cultures to develop over time. It is critical for the CISO function to embrace wider skillsets beyond the technical, with an emphasis on commercial, communication and leadership. The key areas of focus outlined in this report, and the practical steps recommended, will guide organisations’ approach to this function as digital transformation continues apace. In doing so, we can ensure that cyber security is viewed as a true business enabler and create a strong foundation for that long-term cultural change to occur.”