Cyber security has traditionally been viewed as an item on an IT checklist and a cost centre. But the perception of cyber security is changing, and to explore this, e2e-assure invited seven leading cyber security practitioners and experts to participate in a thought leadership roundtable titled “Cyber Security as a USP: From Cost Burden to Commercial Advantage”.
Chaired by Ian Murphy, CEO and Founder of CyberOff, participants discussed how the cyber security paradigm shift starts by changing the perception of cyber security within organisations and creating a positive cyber culture. Effective communication is also needed between the Chief Information Security Officer (CISO) and the board if cyber security is to become a business enabler and competitive differentiator.
Building a positive cyber security culture
Participants agreed that good cyber security is now being acknowledged by many boards as the key to effective corporate governance. This change in outlook must be accompanied by a drive to embed cyber security into company culture. Businesses which are part of a supply chain are now being asked to demonstrate that they have good cyber security practices in place to comply with buyer demands and to show they can operate efficiently and securely.
It is difficult to build a positive cyber culture into an organisation if the board doesn’t actively model and champion good behaviours. But when this happens, employees follow suit and are more likely to admit to any security mistakes they make instead of burying them.
This is particularly important now, as homeworking due to Covid-19 has had a detrimental effect on employees’ attitudes towards cyber security, with many now forgetting to lock their devices or to stay aware of who is looking at their screen.
Communication with the board
Participants agreed that boards often lack the awareness and understanding required to make informed decisions, and discussed how the way information is presented makes a big difference to board buy-in. CISOs must talk the board’s language and show how cyber security is increasing customer value or reducing the bottom line.
Many CISOs struggle as they are unsure what to measure and how to convey information to the board. However, communication is a two-way street, and participants noted that the board must also start asking CISOs the right questions to determine what the key cyber security risks are and whether cyber security is being measured and tested properly.
According to the National Cyber Security Centre, every organisation is at risk of a cyber attack – no matter what size it is or which industry it serves – and should not assume that attackers wouldn’t be interested in them. Boards must acknowledge that cyber security is a risk to their business, manage that risk and make sure the CISO is delivering on the strategic plan.
Once the risk is accepted and action is taken to mitigate it, the foundations are in place for organisations to make cyber security a business enabler that helps them innovate and be agile to win new business and pursue new markets.
Making cyber security a key differentiator
Transparency in communications with customers, the media and stakeholders is crucial. Having the technology and insight into their business environment to report on how security breaches occur and what action is being taken can be a key differentiator for businesses.
Transparency about an organisation’s cyber security practices also serves as a key differentiator when selecting suppliers, with some roundtable participants sharing that their organisations were being questioned on this.
Companies will lose out in selection processes if they don’t make information about their cyber security strategy available. Seizing this opportunity to put cyber security at the heart of the business is what will really make an organisation stand out against competitors.
Speakers:
Regina Bluman, Security Programme Manager, Algolia
Simon Davies, Director Global Information, Renesas Electronics
Rob Demain, CEO & Founder, e2e-assure
Lisa Forte, Partner, Red Goat Cyber Security
Adam Gwinnett, CTO and CISO, Nine23 Ltd
Leandros Maglaras, Professor of cyber security, De Montfort University
Giac Mosca, Chief Security Advisor, Emergentic Consulting
Moderator:
Ian Murphy, Founder & CEO, CyberOff