The Evolving Role of the CISO: From tech expert to business partner
Rethinking cybersecurity leadership in a shifting threat landscape
Last year, 343 million people were victims of data breaches, costing businesses $4.88 million on average; the costliest cybercrime is business email compromise, accounting for $3 billion in losses. And yet, only six percent of CEOs view cybersecurity as a top priority. The fact is, there’s always been a misalignment between the business and security leadership over cybersecurity resilience.
On the surface, the poor perception of cybersecurity business value seems like a communication issue. Most CISOs struggle to speak the language of business while non-technical leadership struggles to grasp technical jargon. Looking at the problem more closely, the issue may be more deeply rooted in the structure of traditional cybersecurity teams and security leadership roles.
Hub-and-Spoke Centralised Operation Model No Longer Fit For Purpose
Most cybersecurity teams began as transactional, service-oriented functions, taking orders from IT teams or the business. But as these functions evolve and become more independent (particularly in large organisations), they take on a more centralised role, in which it is assumed that their job is to enact risk management and have oversight across every single business aspect and process.