Business Daily Media

The Disconnect Between C-Suites and CISOs Endangering Aussie Organisations

  • Written by Scott McKinnel, Country Manager ANZ at Tenable

Cybersecurity threats thrive in a climate of uncertainty. This makes it more important than ever for organisations to get ahead in identifying risk, particularly amid a global pandemic. However, a disconnect exists between the expectations of businesses and the realities facing security leaders, preventing organisations from taking an effective approach to managing and reducing cyber risk.

A recent study by Forrester, commissioned by Tenable, found that only three in 10 security leaders in Australia say they can confidently answer the question, “How secure, or at risk, are we?” — proof that a gap currently exists despite massive investments in cybersecurity. These findings suggest that CISOs are ill-equipped to provide a clear picture of their organisation’s cybersecurity posture in a way business leaders understand, narrowing the possibility of initiating a meaningful dialogue between security and business leaders.

Going forward, how can C-suite executives and CISOs collaborate to narrow the gap and ultimately secure their organisations from increasing threats?

The need to work towards a common goal

Over the past two years, there has been a dramatic increase in the number of business-impacting cyberattacks, with 73 per cent of Australian businesses reporting they’d fallen victim during this period. Of these, 39 per cent suffered damaging financial loss or theft, 39 per cent reported a loss of customer data and 36 per cent reported a loss of employee data. If business leaders weren’t already aware, this data reinforces the fact that cyber risk can have an enormous impact on the core functions of an organisation and cannot be solved in silos.

Encouragingly, the federal government, in announcing a $1.35bn cybersecurity investment, has demonstrated the strategic importance it is placing on the country’s cyber defence. This should signal private sector organisations to follow suit. Ultimately, it is only through a common, shared approach that business leaders and security experts can close the gap and reduce the risk of cyberattacks amid looming threats.

The impact of COVID-19

The current health pandemic has created unforeseen challenges for organisations around the globe and cybersecurity is no exception. Malicious cyber actors are actively targeting everyday consumers and Australian organisations with COVID-19 related scams and phishing emails, with experts predicting these incidents are likely to increase in frequency and severity over the coming months.

Security leaders must consider that many employees are now operating remotely and therefore should take into account new security risks that previously weren’t a major issue. In any scenario where corporate devices have left a secured network to operate in a potentially insecure home network, the attack surface expands.

The same Forrester study found that while 96 per cent of organisations globally had developed COVID-19 response strategies, three-quarters reported that their business and security efforts are only “somewhat” aligned, at best. This disconnect between business leaders and CISOs is going to be even more critical as uncertainty around COVID persists.

Closing the gap between business and security leaders

It’s tough for business and security leaders to be on the same page when they don’t speak the same language. Cybersecurity leaders can begin remedying this by ensuring their initiatives are reframed as business priorities. This can be done by communicating business value and ensuring their objectives align with business needs. Indeed, Forrester’s research found that fewer than 50% of security leaders are framing the impact of cybersecurity threats within the context of specific business risk. Moreover, only half (51%) say their security organisations work with business stakeholders to align cost, performance, and risk reduction objectives with business.

One of the key ways that security leaders can bridge this gap is through metrics that speak to business risk. Eighty-five percent of business-aligned security leaders have metrics to track cybersecurity ROI and impact on business performance versus just 25% of their more reactive and siloed peers. Another way is through internal and external benchmarking. Just as any company leader will evaluate financial performance versus their competitors, security leaders can become more business-aligned by clearly articulating expectations and demonstrating improvements versus peer companies and internal groups.

In turn, business leaders need to provide their security experts with the right combination of technology, data, processes and people to succeed. One of the most important ways to achieve this is through giving the CISO visibility of an entire company’s operations by elevating their role within the company, to ensure that security is baked into every business decision from the start. With complete visibility, security experts can take a holistic view of the company’s most critical assets, and make risk-based decisions to prioritise efforts.

Staying ahead of the curve

There are two languages being spoken. Business leaders want to know, ‘What’s the cause, what’s the headline, what’s the risk?’ The language barrier between business and security leaders is a chasm. When this is the case, how can Australian organisations realistically expect to guard against increasing cyber threats? By connecting the language and metrics of security and business leaders, and by empowering cyber leaders with complete visibility over assets, organisations can take an important first step to close this gap.
