CISOs of the Future
In the previous year, I had a formal conversation with the Chief Information Security Officer (CISO) of one of the private banks in India. He spoke to me on the roles that CISOs will be expected to take up in the future among other topics related to cyber security and CISOs. He said that CISOs role is shifting from handling information security to information risk management and that they should become strategists and continuously engage with business to protect the crown jewels of an organisation. Besides, he mentioned that there will be more power, visibility and importance to CISOs in the forthcoming years.
One of my colleagues argued that CISOs should have deeper understanding of the business and create the right security strategy for the business. He made this recommendation in one of his ongoing research work titled ‘Role of CISO.’ He further mentioned that security requirements should be integrated with IT and business requirements of organizations. It is important to foresee the paradigm shifts of this role in the next five or ten years. Some of the expectations from CISOs in the future would be:
A) Proficiency in the business aspects of cyber security
The cyber security community is researching on measuring the financial impact of cybercrimes. Similarly, cyber insurance is another upcoming trend. While developments in these fronts are anticipated in the near future, a CISO will be expected to contribute beyond defending sophisticated attacks. General management skills, technical and business knowledge will help them to assess damage in the case of cyber events and the liability to the organization. In addition, it will also help them to insure against cyber risks, and protect the organization from potential liabilities, to the extent possible.
In the words of the expert referred above, the main challenge of CISOs today is to arrive at an acceptable level of risk and articulate it to the business. The CISOs of the future should overcome this challenge.
B) People management
With the entry of many millennials, the existing talent pool of middle-aged and old-timers, a CISO will do well to manage the different aspiration levels and motivational factors of these three generations of employees. The shortage and availability of the right talent remains the main concern for cybersecurity domain even today. Technologies like artificial intelligence, machine learning, block chain are further expected to create more job opportunities in cyber security and it is right to forecast that the demand-supply gap of cybersecurity professionals will widen further. The CISOs of the future will be expected to groom, retain, mentor their teams and create succession planning strategies. Interaction with academia, willingness to visit leading cyber security institutions as guest faculties and helping lecturers in creating industry-relevant curriculum are some of the nice-to-have qualities of future CISOs.
C) Adapting unique communication strategies
CISOs are required to communicate to different stakeholders like board of directors, team members, colleagues of other departments, independent researchers, institutional and state-sponsored researchers and others on a regular and or periodical basis. In future, there will be an increase in the numbers and categories of stakeholders. They should keep in mind the IT, cyber security knowledge and understanding capacities of the specific audience and accordingly communicate to them.
What are your expectations from CISOs of the future? Share your thoughts to communications@rebit.org.in
