Wednesday, September 23, 2015

Executives overseeing cyber security need to understand how to translate technical risk to business risk and what the business impact will be if a threat is realized

An interview with Emily Mossburg @EmilyJMossburg, Resilient Practice Leader, Deloitte Cyber Risk Services @DeloitteRisks

We asked. Emily answered.

Why is stepping up security, immediately, particularly important to your company/industry?  

Addressing cyber security, for any organization, is not merely about technology; it’s a business risk that requires oversight and direction from business leaders. Executives overseeing cyber security need to understand how to translate technical risk to business risk and what the business impact will be if a threat is realized.

What is the key obstacle companies like yours face in bringing security up to where it needs to be?

For many years, the market has been talking about the need for security programs to be better aligned with the business. Most cyber security programs still operate within technical silos. Organizations need help transforming from a traditional IT Security program to a Cyber Risk program. This is first an organizational problem, not a technical one. There are several important considerations that can influence the transition:

·        Boards and executives taking the initiative to better educate themselves to lead the discussion, ask the right questions, and influence the process
·        Chief Information Security Officers (CISOs) taking on the role of change agents
·        Line-of-business leaders, with a strong stake in protecting revenue and growth initiatives, driving cyber risk management into innovation and development lifecycles
·        Once fundamentals are established, broad enterprise-wide education and awareness campaigns are crucial

Here more of what Emily has to say at The Business of Security:  Impacting Your Company's Resiliency, Reputation and Revenue on September 30. Learn more and register: http://bit.ly/SecurityBiz

No comments: