It’s 2024, and cyberattacks are now a business norm. To protect the average consumer and investor’s personal information from being compromised in data breaches, the SEC recently adopted rules that require companies to “disclose both material cybersecurity incidents they experience and, on an annual basis, material information regarding their cybersecurity risk management, strategy, and governance.”
With an ever-increasing cascade of cyberattacks and a dynamic regulatory landscape, the CISO’s role has expanded tenfold. In 2024, it takes a village to tackle cybersecurity. We know firsthand that today’s CISOs must be strong leaders who leverage strategic partnerships to keep their organizations safe and compliant.
Today’s CISO
Despite the CISO’s role being relatively new, it’s changed substantially over the years. In Splunk’s 2023 CISO Report, 90% of CISOs surveyed say their role has become a “completely different job” from when they first started. Once relegated to backend traffic monitoring and governance, CISOs are now spokespeople for their company’s security practices, meaning they’ve become more influential in the C-suite.
All this to say, CISOs can no longer work in a silo. From preparing 8-K filings to presenting at quarterly board meetings, the CISO’s inner circle should extend well beyond their security teams. Developing close relationships with the CEO, CFO, and CLO is necessary for the intertwined security, financial, and legal success of the organization.
This expanded scope extends to budgeting success as well. 87% of CISOs surveyed in The CISO Report say they’ve demonstrated a business case for increased budget YoY. However, only 35% say that their boards give them adequate cybersecurity budgets. Having enough cybersecurity resources has become a hot-button issue for CISOs, especially as threats trend upward. Therefore, it’s important to have a recurring meeting with your CEO, CFO, and CLO to discuss the most critical threats facing your organization, your resource needs, and investment requirements. Communication is key.
Leadership tips for CISOs
It’s the CISO’s responsibility to relate their company’s cybersecurity story to the board, the C-suite, and beyond. That’s why our best advice for solid CISO leadership is to practice evangelizing for resources, for example, investments in emerging technologies such as generative AI to help close the cybersecurity skills gap and uplevel teams. Responsibility rests on the CISO to communicate how their company can take advantage of these emerging technologies without risking any other aspect of the business. So it’s best to get comfortable. Practice in the mirror if you have to.
Our second piece of advice for solid CISO leadership is to adopt cybersecurity benchmarks so teams can measure themselves effectively. Many companies use the National Institute of Standards and Technology (NIST) framework, which focuses on five key principles: identify, protect, detect, respond, and recover. However, it’s important to note that these frameworks are not one-size-fits-all: An organization’s framework will depend on many factors, including industry, region, and company size.
Avengers, assemble!
Although we like to think that technology can help solve every problem, when it comes to being a CISO, it’s relationship and framework building that create the strongest foundation for successful cybersecurity hygiene. Because cybersecurity now touches every aspect of a business, including financial and legal, CISOs play starring roles in the C-suite, and with that comes greater responsibility.
CISOs can no longer work in the shadows. It’s time for cybersecurity leaders to face the future of their profession and turn to their CEO, CFO, and CLO as partners in safeguarding their organizations from bad actors. With these alliances secured, CISOs can effectively prepare for any challenge that comes their way, including cyberattacks, changing regulations, and the next great evolution of the CISO’s role.
Get your copy of Splunk’s CISO Report to learn how security leaders are addressing the latest threats, keeping up with AI, and changing their organization's security culture.