The Changing Role of the Chief Information Security Officer

The role of the Chief Information Security Officer (CISO) must adapt as businesses rethink IT security.

Following the high-profile cyber-attack on TalkTalk and the recent M&S data breach, there’s no denying that the buzzword of the moment is cybercrime. Globally, cybercrime is estimated to cost us $445 billion a year. However, the price of lost intellectual property and the expenditure incurred to resolve cybercrime is costing a tragic $1 trillion.

With businesses being forced to drastically rethink IT security, the cybercrime insurance market has transformed the way in which the Chief Information Security Officer assesses corporate risk. CISOs must now know how to quantify risk as well as understand evolving business and computer security technologies. Corporate governance is a major driver of the change in the CISO’s role, with EU data protection regulations and requirements for businesses changing. Alongside the changing security landscape, the threat of corporate cybercrime has drastically advanced, playing havoc with businesses globally, compromising corporate infrastructures and denting consumer confidence.

With the smartphone phenomenon identified as a major weakness in cybersecurity, CISOs are having to rethink vital areas of security in the personal computing space. To thrive in this new era of IT security, it’s imperative that the CISO understands that the traditional areas of their security role (password policy, IDS, AV, firewall, patch and configuration management) have shifted to IT. The CISO’s role now goes beyond mitigating exposure to cybercrime and instead towards identifying, analysing and evaluating risk with the aim of protecting their company’s market share and increasing shareholder value. Alex Davis, Head of IT at Oliver James Associates, commented: “Cybersecurity has now become a key part of business strategy rather than just being seen as a technology issue in many organisations. It’s likely that we’ll see a trend towards placing more divisional CISOs in business units to work closely with IT and senior management.”

As the CISO’s role moves from mitigating exposure to much broader risk management, data capture, modelling and analysis should be at the forefront of risk prevention. Thinking like a CFO will help in analysing the relationship between risk exposures and the value of company assets, revenue and liquidity. With the London Market being one of the most innovative in terms of adaptability and cybercrime insurance coverage, does the UK have the potential to become a centre of excellence in cyber risk management?

If you’re interested in financial or professional services roles, please email to arrange a confidential chat.