News

Security and the Business: It’s good to talk

Paul Watts
Published 09 - March - 2023
Read the full article on ISF Expert Opinion
isf expert opinionpeople

Distinguished Analyst Paul Watts explores the shifting nature of business, the role of the security leader, and the implications of continuing to not align to each other’s goals.

A (digitally transformed) life after the pandemic

As recovery from the impact of the pandemic continues, digital transformation is dramatically changing how many organisations operate. Promises of innovation, efficiency and prosperity build pressure to transform as quickly as possible. However, uncontrolled and rapid transformation can increase both business risk and potential reward. Security and business leaders have become disengaged at a critical time. Change is urgently required on both sides to establish working relationships that ensure digital transformation risk is properly owned and managed. In this article, we will explore the reasons why disengagement has occurred, the implications of doing nothing, and the critical first steps to take in rebuilding those relationships.

The business relationship hits a rocky patch (or: “It’s not me, is it you?”)

“I just can’t hold [the board’s] interest” bemoaned a well-respected and long-standing Chief Information Security Officer (CISO) at a recent gathering of security leaders in London. Suggesting that perhaps it is because the business isn’t finding it interesting or useful to them produces an interesting reaction: the CISO is not the problem; the problem is that business thinks it knows best and doesn’t want the CISO’s help.

I think there is a bit of denial here. The reality of the situation is that the problem is not one of interest, but one of relevance.

Technology in business has had an image problem for years. Expensive, difficult to understand and use. Hostile. Intimidating. But where technology was once a luxury that merely supported the business, it has now become the business. Teams created to manage technology on the business’ behalf, partnered with security staff to ensure that it all remained safe. The business cared little about how it all worked and happily left them to get on with it, only engaging when they needed something, or something broke. And for many years, this was enough.

…the reality of the situation is that the problem is not one of interest, but one of relevance…

SUPPORTING CONTENT

VIEW ALL NEWS ARTICLES
Array

Paul Watts

Find out more about Paul Watts, Distinguished Analyst at the ISF.

Read more on Paul Watts
Array
event

The Future CISO: Securing the digital organisation of tomorrow

Where do CISOs find themselves today, and what changes should they be looking at to ensure their role continues to add value?

Location Online
Watch on-demand on The Future CISO: Securing the digital organisation of tomorrow
Array
podcast

Cyber, CISO and the Board: Turning awareness into action

Leveraging her vast boardroom experience, Margaret Heffernan provides advice on ensuring best practice is cascaded through the business.

Listen Now on Cyber, CISO and the Board: Turning awareness into action
Security and the Business: It’s good to talk
Read the full article on ISF Expert Opinion