
The CISO’s Role During Periods of Instability


Five Proactive Steps Towards Stabilisation

In an increasingly interconnected, data‑driven world, any period of destabilisation has the potential to cause unforeseen consequences for organisations wherever they reside or operate. The CISO’s role as a critical friend, advisor and subject matter expert remains an important one if organisations are to stay resilient in troubled times.

But do the CISO’s key stakeholders see it that way too? What should the CISO be doing to pre-empt inevitable questions and demonstrate real business value?

1. Monitor and report on the developing situation in context

Ensure access to intelligence updates regarding current and predicted threats to your organisation caused by the instability. Provide balanced situational awareness reports to leadership and avoid diluting their impact through information overload. Note mitigation steps that have already been taken or decisions that need to be made by executive management to manage any identified risks. The ISF Threat Radar is a useful tool for facilitating ongoing conversations regarding the threat landscape.

2. Use the right language for the audience

Always provide clear context and use appropriate language, avoiding technical jargon. Go beyond the technicalities of the threat and articulate the risks to business goals. Don’t abuse the situation to drive your own agenda, and avoid using FUD (fear, uncertainty, doubt) tactics to shock parties into action.

Challenges and issues should always be presented with solutions or an opportunity to ‘work the problem’ together.

3. Optimise the resilience of key at-risk assets

Assist in identifying and reprioritising critical assets and/or suppliers highlighted by the situational awareness reports as being at increased risk due to the destabilisation. Provide supporting business cases along with budget requests to manage those risks and enhance resilience, working with the respective asset owners.

4. Prepare the business for responding to a potential incident

Support the business in rehearsing existing response plans, validating supporting materials and dealing with identified weak points. Involve senior leaders in response planning and testing. Be honest and transparent about protect-respond-resume capabilities whilst offering opportunities for their immediate improvement.

5. Be a present leader to your business

Make yourself accessible to both leadership teams and employees to discuss concerns and offer support. Practise good stakeholder management: recognise the disparate needs of individuals and communicate in their language and on their terms. Support your own teams should the pressure build; drive their empowerment and let them know you have their back.
