Many CSOs and CISOs are so consumed with what is happening now that they have little or no time to look ahead and plan for the near term. Please note that the near term is defined as the next three to five years. Security has become a much higher priority than it was just a few years ago. It has risen to the point where C-level executives (CEO, CFO and COO) are now routinely involved, and it is becoming a frequent topic for the board of directors. This requires CSOs and CISOs to continuously update and educate senior-level executives, in addition to continuously managing their expectations.
Now, there is the question of the not-so-distant future. What changes are likely to occur in the next three to five years that will impact the business and create a new or enhanced challenge for the CSO and CISO? If there is one certainty that I learned the hard way in my 25 years, it is that C-level executives and the board hate to be surprised by unexpected problems, expenses and challenges. A proactive cybersecurity strategy requires insight into the plans that only C-level executives and the board have in mind for the organization. Here are the top ten strategic issues that I have encountered working at the C-level.
1. Organizational Performance & Productivity
2. Global Issues
   a. Regulations
   b. Economy
   c. Terror, Unrest and Conflict
3. Cyber Security
   a. Reputational Risk
   b. Costs Associated with a Breach
      i. Legal
      ii. Regulatory
      iii. Business/Customer Impact
4. Long-term Business Sustainability
5. Mergers, Acquisitions and Divestitures
6. Outsourcing (onshore or offshore)
7. Disruption
   a. Innovation
   b. Accelerated Change
8. Moving to the digital economy - adoption of new/emerging technologies for internal use and use in the organization’s products and services.
   a. Internet of Things (IoT)
   b. Connected Vehicles
   c. Wearable Technology
9. New Payment Methods
   a. Mobile Payments
   b. Cryptocurrencies
10. Human Resource Risk Management
   a. Talent Acquisition
   b. Human Resource Retention
Once you look at the top ten, you will have to come to the conclusion that your plate is full. Stop and consider for a moment the impact the list is likely to have on the security operations of your organization. Organizations must change to adapt to changing business conditions, new markets and new technologies (for products and services), and in order to achieve operational efficiencies. They must lead, quickly follow, or be pushed aside by those that can adapt and change at an accelerated rate. You do not want to be perceived as the roadblock or impediment to the business achieving its strategic objectives. That is what I term a CLM. If you have not heard of a CLM, it stands for Career Limiting Move! Every organization needs to make progress in order to sustain current levels of performance. That being said, there are very few organizations that want to keep the status quo! Continuous organizational development is a key to success in today’s highly competitive operational environment. You and your staff need to become accustomed to an ever-evolving business & technology environment. The next three to five years will be unlike anything we have experienced before! If projections and forecasts hold true, it will be many times larger than the Internet period of the mid to late 90s.
Planning for the Inevitable
Significant changes are about to occur and there is nothing you can do to stop them. You can impede your organization’s progress in adapting to those changes, but your career is at great risk. All of this, coupled with the growing sophistication, frequency and total cost of cyberattacks, demands that CSOs and CISOs take a proactive approach to cyber security. If you do not look forward and create a high-level plan to address what you believe the next three to five years hold, you will be 100 percent reactive to the changes that are likely to occur. The odds of you being successful and not becoming an impediment to the organization without taking a proactive approach are close to zero! That puts you behind from the start! In order for you to become proactive, you must have these executives engaged. The C-level executives and the board of directors possess the authority and resources to support the initiatives needed to address today’s cyber threats and prepare for what is to come in the next three to five years. Get proactive and start your planning now!