Business Daily Media

The Disconnect Between C-Suites and CISOs Endangering Aussie Organisations

  • Written by Scott McKinnel, Country Manager ANZ at Tenable

Cybersecurity threats thrive in a climate of uncertainty. This makes it more important than ever for organisations to get ahead in identifying risk, particularly amid a global pandemic. However, a disconnect exists between the expectations of businesses and the realities facing security leaders, preventing organisations from taking an effective approach to managing and reducing cyber risk.

A recent study by Forrester, commissioned by Tenable, found that only three in 10 security leaders in Australia say they can confidently answer the question, “How secure, or at risk, are we?” This is proof that a gap currently exists despite massive investments in cybersecurity. These findings suggest that CISOs are ill-equipped to provide a clear picture of their organisation’s cybersecurity posture in a way business leaders understand, narrowing the possibility of initiating a meaningful dialogue between security and business leaders.

Going forward, how can C-suite executives and CISOs collaborate to narrow the gap and ultimately secure their organisations from increasing threats?

The need to work towards a common goal

Over the past two years, there has been a dramatic increase in the number of business-impacting cyberattacks, with 73 per cent of Australian businesses reporting they’d fallen victim during this period. Of these, 39 per cent suffered damaging financial loss or theft, 39 per cent reported a loss of customer data and 36 per cent reported a loss of employee data. If business leaders weren’t already aware, this data reinforces the fact that cyber risk can have an enormous impact on the core functions of an organisation and cannot be solved in silos.

Encouragingly, the federal government, in announcing a $1.35bn cybersecurity investment, has demonstrated the strategic importance it is placing on the country’s cyber defence. This should be a signal for private sector organisations to follow suit. Ultimately, it is only through a common, shared approach that business leaders and security experts can close the gap and reduce the risk of cyberattacks amid looming threats.

The impact of COVID-19

The current health pandemic has created unforeseen challenges for organisations around the globe and cybersecurity is no exception. Malicious cyber actors are actively targeting everyday consumers and Australian organisations with COVID-19 related scams and phishing emails, with experts predicting these incidents are likely to increase in frequency and severity over the coming months.

Security leaders must consider that many employees are now operating remotely and therefore should take into account new security risks that previously weren’t a major issue. In any scenario where corporate devices have left a secured network to operate in a potentially insecure home network, the attack surface expands.

The same Forrester study found that while 96 per cent of organisations globally had developed COVID-19 response strategies, three-quarters reported their business and security efforts are only “somewhat” aligned, at best. This disconnect between business leaders and CISOs is going to be even more critical as uncertainty around COVID persists.

Closing the gap between business and security leaders

It’s tough for business and security leaders to be on the same page when they don’t speak the same language. Cybersecurity leaders can begin remedying this by ensuring their initiatives are reframed as business priorities. This can be done by communicating business value and ensuring their objectives align with business needs. Indeed, Forrester’s research found that fewer than 50% of security leaders are framing the impact of cybersecurity threats within the context of specific business risk. Moreover, only half (51%) say their security organisations work with business stakeholders to align cost, performance, and risk reduction objectives with business.

One of the key ways that security leaders can bridge this gap is through metrics that speak to business risk. Eighty-five percent of business-aligned security leaders have metrics to track cybersecurity ROI and impact on business performance versus just 25% of their more reactive and siloed peers. Another way is through internal and external benchmarking. Just as any company leader will evaluate financial performance versus their competitors, security leaders can become more business-aligned by clearly articulating expectations and demonstrating improvements versus peer companies and internal groups.

In turn, business leaders need to provide their security experts with the right combination of technology, data, processes and people to succeed. One of the most important ways to achieve this is through giving the CISO visibility of an entire company’s operations by elevating their role within the company, to ensure that security is baked into every business decision from the start. With complete visibility, security experts can take a holistic view of the company’s most critical assets, and make risk-based decisions to prioritise efforts.

Staying ahead of the curve

There are two languages being spoken. Business leaders want to know, ‘What’s the cause, what’s the headline, what’s the risk?’ The language barrier between business and security leaders is a chasm. When this is the case, how can Australian organisations realistically expect to guard against increasing cyber threats? By connecting the language and metrics of security and business leaders, and by empowering cyber leaders with complete visibility over assets, organisations can take an important first step to close this gap.
