According to GlobalData, companies worldwide spent $114 billion on security products (both hardware and software) and services in 2017, and by 2021 this spending is expected to reach $140 billion. However, the majority of CISOs still do not report directly to the CEO, which leaves a communication gap that hurts companies.
One reason there is still so little push for direct communication is that executives and boards do not fully comprehend the risks their company faces. However, a CISO’s success depends on the ability to communicate with business executives and build a strong relationship that allows continuous communication between the two, so that when risks arise they can proactively discuss the next steps needed to minimize and neutralize threats.
When you realize that cybersecurity technologies and solutions involve everything from artificial intelligence (AI), behavioral analytics (BA) and machine learning (ML) to cyber threat hunting and network security, as well as post-breach consultancy and incident response services, it becomes quite clear why open communication between the higher-ups and CISOs is essential to ensure an effective security posture in the face of evolving threats.
All that advanced tech adoption means for organizations is that they’ll have a very busy CISO. It isn’t news that CISOs are overwhelmed with the data they collect through the tools they use, that identifying false positives is cumbersome and exhausting, and that sometimes there are threats that go unnoticed by the technologies adopted.
What’s even more worrisome is that companies are relying heavily on the technologies they’re spending their security budget on. A recent Cisco survey found that 39% of CISOs say their organizations are reliant on automation for cybersecurity, that 34% say they are reliant on machine learning, and 32% report they are highly reliant on artificial intelligence (AI).
Relying solely on tools to ensure cybersecurity is never a good idea. Cybersecurity is effective only when it involves people, process and technology: all three components, not just one or two of them. If CISOs can reach the CEO and communicate issues directly, this helps the people and process components of cybersecurity. Open communication also helps an organization because, if additional expertise is required, it can be brought in sooner rather than later.
Adopting a holistic cybersecurity posture may seem unnecessary to executives who want a one-stop solution to insecurity, and unfortunately, the lack of communication between the higher-ups and the people taking care of security within the organization doesn’t help correct this misconception.
If you find yourself in the position of evaluating your cybersecurity posture, give us a call. We’d love to help your organization get on the right track.